net-ssh 6.1.0 → 7.3.0

data/lib/net/ssh/connection/term.rb

@@ -1,7 +1,6 @@
-module Net 
-  module SSH 
+module Net
+  module SSH
     module Connection
-      
       # These constants are used when requesting a pseudo-terminal (via
       # Net::SSH::Connection::Channel#request_pty). The descriptions for each are
       # taken directly from RFC 4254 ("The Secure Shell (SSH) Connection Protocol"),
@@ -10,173 +9,172 @@ module Net
         # Interrupt character; 255 if none. Similarly for the other characters.
         # Not all of these characters are supported on all systems.
         VINTR = 1
-    
+
         # The quit character (sends SIGQUIT signal on POSIX systems).
         VQUIT = 2
-    
+
         # Erase the character to left of the cursor.
         VERASE = 3
-    
+
         # Kill the current input line.
         VKILL = 4
-    
+
         # End-of-file character (sends EOF from the terminal).
         VEOF = 5
-    
+
         # End-of-line character in addition to carriage return and/or linefeed.
         VEOL = 6
-    
+
         # Additional end-of-line character.
         VEOL2 = 7
-    
+
         # Continues paused output (normally control-Q).
         VSTART = 8
-    
+
         # Pauses output (normally control-S).
         VSTOP = 9
-    
+
         # Suspends the current program.
         VSUSP = 10
-    
+
         # Another suspend character.
         VDSUSP = 11
-    
+
         # Reprints the current input line.
         VREPRINT = 12
-    
+
         # Erases a word left of cursor.
         VWERASE = 13
-    
+
         # Enter the next character typed literally, even if it is a special
         # character.
         VLNEXT = 14
-    
+
         # Character to flush output.
         VFLUSH = 15
-    
+
         # Switch to a different shell layer.
         VSWITCH = 16
-    
+
         # Prints system status line (load, command, pid, etc).
         VSTATUS = 17
-    
+
         # Toggles the flushing of terminal output.
         VDISCARD = 18
-    
+
         # The ignore parity flag. The parameter SHOULD be 0 if this flag is FALSE,
         # and 1 if it is TRUE.
         IGNPAR = 30
-    
+
         # Mark parity and framing errors.
         PARMRK = 31
-    
+
         # Enable checking of parity errors.
         INPCK = 32
-    
+
         # Strip 8th bit off characters.
         ISTRIP = 33
-    
+
         # Map NL into CR on input.
         INCLR = 34
-    
+
         # Ignore CR on input.
         IGNCR = 35
-    
+
         # Map CR to NL on input.
         ICRNL = 36
-    
+
         # Translate uppercase characters to lowercase.
         IUCLC = 37
-    
+
         # Enable output flow control.
         IXON = 38
-    
+
         # Any char will restart after stop.
         IXANY = 39
-    
+
         # Enable input flow control.
         IXOFF = 40
-    
+
         # Ring bell on input queue full.
         IMAXBEL = 41
-    
+
         # Enable signals INTR, QUIT, [D]SUSP.
         ISIG = 50
-    
+
         # Canonicalize input lines.
         ICANON = 51
-    
+
         # Enable input and output of uppercase characters by preceding their
         # lowercase equivalents with "\".
         XCASE = 52
-    
+
         # Enable echoing.
         ECHO = 53
-    
+
         # Visually erase chars.
         ECHOE = 54
-    
+
         # Kill character discards current line.
         ECHOK = 55
-    
+
         # Echo NL even if ECHO is off.
         ECHONL = 56
-    
+
         # Don't flush after interrupt.
         NOFLSH = 57
-    
+
         # Stop background jobs from output.
         TOSTOP = 58
-    
+
         # Enable extensions.
         IEXTEN = 59
-    
+
         # Echo control characters as ^(Char).
         ECHOCTL = 60
-    
+
         # Visual erase for line kill.
         ECHOKE = 61
-    
+
         # Retype pending input.
         PENDIN = 62
-    
+
         # Enable output processing.
         OPOST = 70
-    
+
         # Convert lowercase to uppercase.
         OLCUC = 71
-    
+
         # Map NL to CR-NL.
         ONLCR = 72
-    
+
         # Translate carriage return to newline (output).
         OCRNL = 73
-    
+
         # Translate newline to carriage return-newline (output).
         ONOCR = 74
-    
+
         # Newline performs a carriage return (output).
         ONLRET = 75
-    
+
         # 7 bit mode.
         CS7 = 90
-    
+
         # 8 bit mode.
         CS8 = 91
-    
+
         # Parity enable.
         PARENB = 92
-    
+
         # Odd parity, else even.
         PARODD = 93
-    
+
         # Specifies the input baud rate in bits per second.
         TTY_OP_ISPEED = 128
-    
+
         # Specifies the output baud rate in bits per second.
         TTY_OP_OSPEED = 129
       end
-
     end
   end
 end

data/lib/net/ssh/errors.rb

@@ -1,4 +1,4 @@
-module Net 
+module Net
   module SSH
     # A general exception class, to act as the ancestor of all other Net::SSH
     # exception classes.
@@ -33,7 +33,7 @@ module Net
     # a "channel open failed" message.
     class ChannelOpenFailed < Net::SSH::Exception
       attr_reader :code, :reason
-  
+
       def initialize(code, reason)
         @code, @reason = code, reason
         super "#{reason} (#{code})"
@@ -45,43 +45,43 @@ module Net
     # the remember_host! method on the exception, and then retry.
     class HostKeyError < Net::SSH::Exception
       # the callback to use when #remember_host! is called
-      attr_writer :callback #:nodoc:
-  
+      attr_writer :callback # :nodoc:
+
       # situation-specific data describing the host (see #host, #port, etc.)
-      attr_writer :data #:nodoc:
-  
+      attr_writer :data # :nodoc:
+
       # An accessor for getting at the data that was used to look up the host
       # (see also #fingerprint, #host, #port, #ip, and #key).
       def [](key)
         @data && @data[key]
       end
-  
+
       # Returns the fingerprint of the key for the host, which either was not
       # found or did not match.
       def fingerprint
         @data && @data[:fingerprint]
       end
-  
+
       # Returns the host name for the remote host, as reported by the socket.
       def host
         @data && @data[:peer] && @data[:peer][:host]
       end
-  
+
       # Returns the port number for the remote host, as reported by the socket.
       def port
         @data && @data[:peer] && @data[:peer][:port]
       end
-  
+
       # Returns the IP address of the remote host, as reported by the socket.
       def ip
         @data && @data[:peer] && @data[:peer][:ip]
       end
-  
+
       # Returns the key itself, as reported by the remote host.
       def key
         @data && @data[:key]
       end
-  
+
       # Tell Net::SSH to record this host and key in the known hosts file, so
       # that subsequent connections will remember them.
       def remember_host!

data/lib/net/ssh/key_factory.rb

@@ -5,7 +5,6 @@ require 'net/ssh/authentication/ed25519_loader'
 
 module Net
   module SSH
-
     # A factory class for returning new Key classes. It is used for obtaining
     # OpenSSL key instances via their SSH names, and for loading both public and
     # private keys. It used used primarily by Net::SSH itself, internally, and
@@ -18,14 +17,14 @@ module Net
     class KeyFactory
       # Specifies the mapping of SSH names to OpenSSL key classes.
       MAP = {
-        'dh'    => OpenSSL::PKey::DH,
-        'rsa'   => OpenSSL::PKey::RSA,
-        'dsa'   => OpenSSL::PKey::DSA,
+        'dh' => OpenSSL::PKey::DH,
+        'rsa' => OpenSSL::PKey::RSA,
+        'dsa' => OpenSSL::PKey::DSA,
         'ecdsa' => OpenSSL::PKey::EC
       }
       MAP["ed25519"] = Net::SSH::Authentication::ED25519::PrivKey if defined? Net::SSH::Authentication::ED25519
 
-      class <<self
+      class << self
         # Fetch an OpenSSL key instance by its SSH name. It will be a new,
         # empty key of the given type.
         def get(name)
@@ -37,7 +36,7 @@ module Net
         # appropriately. The new key is returned. If the key itself is
         # encrypted (requiring a passphrase to use), the user will be
         # prompted to enter their password unless passphrase works.
-        def load_private_key(filename, passphrase=nil, ask_passphrase=true, prompt=Prompt.default)
+        def load_private_key(filename, passphrase = nil, ask_passphrase = true, prompt = Prompt.default)
           data = File.read(File.expand_path(filename))
           load_data_private_key(data, passphrase, ask_passphrase, filename, prompt)
         end
@@ -47,7 +46,7 @@ module Net
         # appropriately. The new key is returned. If the key itself is
         # encrypted (requiring a passphrase to use), the user will be
         # prompted to enter their password unless passphrase works.
-        def load_data_private_key(data, passphrase=nil, ask_passphrase=true, filename="", prompt=Prompt.default)
+        def load_data_private_key(data, passphrase = nil, ask_passphrase = true, filename = "", prompt = Prompt.default)
           key_type = classify_key(data, filename)
 
           encrypted_key = nil
@@ -87,7 +86,7 @@ module Net
         # Loads a public key. It will correctly determine whether
         # the file describes an RSA or DSA key, and will load it
         # appropriately. The new public key is returned.
-        def load_data_public_key(data, filename="")
+        def load_data_public_key(data, filename = "")
           fields = data.split(/ /)
 
           blob = nil

data/lib/net/ssh/known_hosts.rb

@@ -1,11 +1,68 @@
 require 'strscan'
 require 'openssl'
-require 'base64'
+require 'delegate'
 require 'net/ssh/buffer'
 require 'net/ssh/authentication/ed25519_loader'
 
 module Net
   module SSH
+    module HostKeyEntries
+      # regular public key entry
+      class PubKey < Delegator
+        def initialize(key, comment: nil) # rubocop:disable Lint/MissingSuper
+          @key = key
+          @comment = comment
+        end
+
+        def ssh_type
+          @key.ssh_type
+        end
+
+        def ssh_types
+          [ssh_type]
+        end
+
+        def to_blob
+          @key.to_blob
+        end
+
+        def __getobj__
+          Kernel.warn("Calling Net::SSH::Buffer methods on HostKeyEntries PubKey is deprecated")
+          @key
+        end
+
+        def matches_key?(server_key)
+          @key.ssh_type == server_key.ssh_type && @key.to_blob == server_key.to_blob
+        end
+      end
+
+      # @cert-authority entry
+      class CertAuthority
+        def ssh_types
+          %w[
+            ecdsa-sha2-nistp256-cert-v01@openssh.com
+            ecdsa-sha2-nistp384-cert-v01@openssh.com
+            ecdsa-sha2-nistp521-cert-v01@openssh.com
+            ssh-ed25519-cert-v01@openssh.com
+            ssh-rsa-cert-v01@openssh.com
+            ssh-rsa-cert-v00@openssh.com
+          ]
+        end
+
+        def initialize(key, comment: nil)
+          @key = key
+          @comment = comment
+        end
+
+        def matches_key?(server_key)
+          if ssh_types.include?(server_key.ssh_type)
+            server_key.signature_valid? && (server_key.signature_key.to_blob == @key.to_blob)
+          else
+            false
+          end
+        end
+      end
+    end
 
     # Represents the result of a search in known hosts
     # see search_for
@@ -48,10 +105,10 @@ module Net
 
       SUPPORTED_TYPE.push('ssh-ed25519') if Net::SSH::Authentication::ED25519Loader::LOADED
 
-      class <<self
+      class << self
         # Searches all known host files (see KnownHosts.hostfiles) for all keys
         # of the given host. Returns an enumerable of keys found.
-        def search_for(host, options={})
+        def search_for(host, options = {})
           HostKeys.new(search_in(hostfiles(options), host, options), host, self, options)
         end
 
@@ -70,7 +127,7 @@ module Net
         #
         # If you only want the user known host files, you can pass :user as
         # the second option.
-        def hostfiles(options, which=:all)
+        def hostfiles(options, which = :all)
           files = []
 
           files += Array(options[:user_known_hosts_file] || %w[~/.ssh/known_hosts ~/.ssh/known_hosts2]) if which == :all || which == :user
@@ -85,14 +142,12 @@ module Net
         # Looks in all user known host files (see KnownHosts.hostfiles) and tries to
         # add an entry for the given host and key to the first file it is able
         # to.
-        def add(host, key, options={})
+        def add(host, key, options = {})
           hostfiles(options, :user).each do |file|
-            begin
-              KnownHosts.new(file).add(host, key)
-              return
-            rescue SystemCallError
-              # try the next hostfile
-            end
+            KnownHosts.new(file).add(host, key)
+            return
+          rescue SystemCallError
+            # try the next hostfile
           end
         end
       end
@@ -130,7 +185,13 @@ module Net
 
         File.open(source) do |file|
           file.each_line do |line|
-            hosts, type, key_content = line.split(' ')
+            if line.start_with?('@')
+              marker, hosts, type, key_content, comment = line.split(' ')
+            else
+              marker = nil
+              hosts, type, key_content, comment = line.split(' ')
+            end
+
             # Skip empty line or one that is commented
             next if hosts.nil? || hosts.start_with?('#')
 
@@ -145,7 +206,14 @@ module Net
             next unless found
 
             blob = key_content.unpack("m*").first
-            keys << Net::SSH::Buffer.new(blob).read_key
+            raw_key = Net::SSH::Buffer.new(blob).read_key
+
+            keys <<
+              if marker == "@cert-authority"
+                HostKeyEntries::CertAuthority.new(raw_key, comment: comment)
+              else
+                HostKeyEntries::PubKey.new(raw_key, comment: comment)
+              end
           end
         end
 
@@ -155,11 +223,11 @@ module Net
       def match(host, pattern)
         if pattern.include?('*') || pattern.include?('?')
           # see man 8 sshd for pattern details
-          pattern_regexp = pattern.split('*').map do |x|
-            x.split('?').map do |y|
+          pattern_regexp = pattern.split('*', -1).map do |x|
+            x.split('?', -1).map do |y|
               Regexp.escape(y)
             end.join('.')
-          end.join('[^.]*')
+          end.join('.*')
 
           host =~ Regexp.new("\\A#{pattern_regexp}\\z")
         else
@@ -172,11 +240,11 @@ module Net
       def known_host_hash?(hostlist, entries)
         if hostlist.size == 1 && hostlist.first =~ /\A\|1(\|.+){2}\z/
           chunks = hostlist.first.split(/\|/)
-          salt = Base64.decode64(chunks[2])
+          salt = chunks[2].unpack1("m")
           digest = OpenSSL::Digest.new('sha1')
           entries.each do |entry|
             hmac = OpenSSL::HMAC.digest(digest, salt, entry)
-            return true if Base64.encode64(hmac).chomp == chunks[3]
+            return true if [hmac].pack("m").chomp == chunks[3]
           end
         end
         false

data/lib/net/ssh/loggable.rb

@@ -1,6 +1,5 @@
-module Net 
+module Net
   module SSH
-
     # A simple module to make logging easier to deal with. It assumes that the
     # logger instance (if not nil) quacks like a Logger object (in Ruby's
     # standard library). Although used primarily internally by Net::SSH, it
@@ -19,39 +18,39 @@ module Net
       # The logger instance that will be used to log messages. If nil, nothing
       # will be logged.
       attr_accessor :logger
-  
+
       # Displays the result of yielding if the log level is Logger::DEBUG or
       # greater.
       def debug
         logger.add(Logger::DEBUG, nil, facility) { yield } if logger && logger.debug?
       end
-  
+
       # Displays the result of yielding if the log level is Logger::INFO or
       # greater.
       def info
         logger.add(Logger::INFO, nil, facility) { yield } if logger && logger.info?
       end
-  
+
       # Displays the result of yielding if the log level is Logger::WARN or
       # greater. (Called lwarn to avoid shadowing with Kernel#warn.)
       def lwarn
         logger.add(Logger::WARN, nil, facility) { yield } if logger && logger.warn?
       end
-  
+
       # Displays the result of yielding if the log level is Logger:ERROR or
       # greater.
       def error
         logger.add(Logger::ERROR, nil, facility) { yield } if logger && logger.error?
       end
-  
+
       # Displays the result of yielding if the log level is Logger::FATAL or
       # greater.
       def fatal
         logger.add(Logger::FATAL, nil, facility) { yield } if logger && logger.fatal?
       end
-  
+
       private
-  
+
       # Sets the "facility" value, used for reporting where a log message
       # originates. It defaults to the name of class with the object_id
       # appended.

data/lib/net/ssh/packet.rb

@@ -5,7 +5,6 @@ require 'net/ssh/connection/constants'
 
 module Net
   module SSH
-
     # A specialization of Buffer that knows the format of certain common
     # packet types. It auto-parses those packet types, and allows them to
     # be accessed via the #[] accessor.
@@ -85,6 +84,7 @@ module Net
       def [](name)
         name = name.to_sym
         raise ArgumentError, "no such element #{name}" unless @named_elements.key?(name)
+
         @named_elements[name]
       end
 

data/lib/net/ssh/prompt.rb

@@ -1,8 +1,7 @@
 require 'io/console'
 
-module Net 
+module Net
   module SSH
-
     # Default prompt implementation, called for asking password from user.
     # It will never be instantiated directly, but will instead be created for
     # you automatically.
@@ -13,8 +12,8 @@ module Net
     #
     #   prompter = options[:password_prompt].start({type:'password'})
     #   while !ok && max_retries < 3
-    #     user = prompter.ask("user: ", {}, true)
-    #     password = prompter.ask("password: ", {}, false)
+    #     user = prompter.ask("user: ", true)
+    #     password = prompter.ask("password: ", false)
     #     ok = send(user, password)
     #     prompter.sucess if ok
     #   end
@@ -24,9 +23,9 @@ module Net
       def self.default(options = {})
         @default ||= new(options)
       end
-  
+
       def initialize(options = {}); end
-  
+
       # default prompt object implementation. More sophisticated implemenetations
       # might implement caching.
       class Prompter
@@ -36,22 +35,22 @@ module Net
             $stdout.puts(info[:instruction]) unless info[:instruction].empty?
           end
         end
-  
+
         # ask input from user, a prompter might ask for multiple inputs
         # (like user and password) in a single session.
-        def ask(prompt, echo=true)
+        def ask(prompt, echo = true)
           $stdout.print(prompt)
           $stdout.flush
           ret = $stdin.noecho(&:gets).chomp
           $stdout.print("\n")
           ret
         end
-  
+
         # success method will be called when the password was accepted
         # It's a good time to save password asked to a cache.
         def success; end
       end
-  
+
       # start password session. Multiple questions might be asked multiple times
       # on the returned object. Info hash tries to uniquely identify the password
       # session, so caching implementations can save passwords properly.
@@ -59,6 +58,5 @@ module Net
         Prompter.new(info)
       end
     end
-
   end
 end

data/lib/net/ssh/proxy/command.rb

@@ -5,7 +5,6 @@ require 'net/ssh/proxy/errors'
 module Net
   module SSH
     module Proxy
-
       # An implementation of a command proxy. To use it, instantiate it,
       # then pass the instantiated object via the :proxy key to
       # Net::SSH.start:
@@ -105,6 +104,7 @@ module Net
                 if IO.select([self], nil, [self], timeout_in_seconds) == nil
                   raise "Unexpected spurious read wakeup"
                 end
+
                 retry
               end
               result