net-ssh 6.1.0 → 7.3.0

data/lib/net/ssh/buffer.rb

@@ -5,7 +5,6 @@ require 'net/ssh/authentication/ed25519_loader'
 
 module Net
   module SSH
-
     # Net::SSH::Buffer is a flexible class for building and parsing binary
     # data packets. It provides a stream-like interface for sequentially
     # reading data items from the buffer, as well as a useful helper method
@@ -71,7 +70,7 @@ module Net
 
       # Creates a new buffer, initialized to the given content. The position
       # is initialized to the beginning of the buffer.
-      def initialize(content="")
+      def initialize(content = String.new)
         @content = content.to_s
         @position = 0
       end
@@ -118,7 +117,7 @@ module Net
       # Resets the buffer, making it empty. Also, resets the read position to
       # 0.
       def clear!
-        @content = ""
+        @content = String.new
         @position = 0
       end
 
@@ -129,12 +128,12 @@ module Net
       # would otherwise tend to grow without bound.
       #
       # Returns the buffer object itself.
-      def consume!(n=position)
+      def consume!(n = position)
         if n >= length
           # optimize for a fairly common case
           clear!
         elsif n > 0
-          @content = @content[n..-1] || ""
+          @content = @content[n..-1] || String.new
           @position -= n
           @position = 0 if @position < 0
         end
@@ -172,7 +171,7 @@ module Net
       # Reads and returns the next +count+ bytes from the buffer, starting from
       # the read position. If +count+ is +nil+, this will return all remaining
       # text in the buffer. This method will increment the pointer.
-      def read(count=nil)
+      def read(count = nil)
         count ||= length
         count = length - @position if @position + count > length
         @position += count
@@ -181,7 +180,7 @@ module Net
 
       # Reads (as #read) and returns the given number of bytes from the buffer,
       # and then consumes (as #consume!) all data up to the new read position.
-      def read!(count=nil)
+      def read!(count = nil)
         data = read(count)
         consume!
         data
@@ -237,6 +236,7 @@ module Net
       def read_bignum
         data = read_string
         return unless data
+
         OpenSSL::BN.new(data, 2)
       end
 
@@ -251,7 +251,6 @@ module Net
       def read_private_keyblob(type)
         case type
         when /^ssh-rsa$/
-          key = OpenSSL::PKey::RSA.new
           n = read_bignum
           e = read_bignum
           d = read_bignum
@@ -262,27 +261,30 @@ module Net
           _unkown2 = read_bignum
           dmp1 = d % (p - 1)
           dmq1 = d % (q - 1)
-          if key.respond_to?(:set_key)
-            key.set_key(n, e, d)
-          else
-            key.e = e
-            key.n = n
-            key.d = d
-          end
-          if key.respond_to?(:set_factors)
-            key.set_factors(p, q)
-          else
-            key.p = p
-            key.q = q
-          end
-          if key.respond_to?(:set_crt_params)
-            key.set_crt_params(dmp1, dmq1, iqmp)
-          else
-            key.dmp1 = dmp1
-            key.dmq1 = dmq1
-            key.iqmp = iqmp
+          # Public key
+          data_sequence = OpenSSL::ASN1::Sequence([
+                                                    OpenSSL::ASN1::Integer(n),
+                                                    OpenSSL::ASN1::Integer(e)
+                                                  ])
+
+          if d && p && q && dmp1 && dmq1 && iqmp
+            data_sequence = OpenSSL::ASN1::Sequence([
+                                                      OpenSSL::ASN1::Integer(0),
+                                                      OpenSSL::ASN1::Integer(n),
+                                                      OpenSSL::ASN1::Integer(e),
+                                                      OpenSSL::ASN1::Integer(d),
+                                                      OpenSSL::ASN1::Integer(p),
+                                                      OpenSSL::ASN1::Integer(q),
+                                                      OpenSSL::ASN1::Integer(dmp1),
+                                                      OpenSSL::ASN1::Integer(dmq1),
+                                                      OpenSSL::ASN1::Integer(iqmp)
+                                                    ])
           end
-          key
+
+          asn1 = OpenSSL::ASN1::Sequence(data_sequence)
+          OpenSSL::PKey::RSA.new(asn1.to_der)
+        when /^ecdsa\-sha2\-(\w*)$/
+          OpenSSL::PKey::EC.read_keyblob($1, self)
         else
           raise Exception, "Cannot decode private key of type #{type}"
         end
@@ -295,29 +297,42 @@ module Net
         when /^(.*)-cert-v01@openssh\.com$/
           key = Net::SSH::Authentication::Certificate.read_certblob(self, $1)
         when /^ssh-dss$/
-          key = OpenSSL::PKey::DSA.new
-          if key.respond_to?(:set_pqg)
-            key.set_pqg(read_bignum, read_bignum, read_bignum)
-          else
-            key.p = read_bignum
-            key.q = read_bignum
-            key.g = read_bignum
-          end
-          if key.respond_to?(:set_key)
-            key.set_key(read_bignum, nil)
-          else
-            key.pub_key = read_bignum
-          end
+          p = read_bignum
+          q = read_bignum
+          g = read_bignum
+          pub_key = read_bignum
+
+          asn1 = OpenSSL::ASN1::Sequence.new(
+            [
+              OpenSSL::ASN1::Sequence.new(
+                [
+                  OpenSSL::ASN1::ObjectId.new('DSA'),
+                  OpenSSL::ASN1::Sequence.new(
+                    [
+                      OpenSSL::ASN1::Integer.new(p),
+                      OpenSSL::ASN1::Integer.new(q),
+                      OpenSSL::ASN1::Integer.new(g)
+                    ]
+                  )
+                ]
+              ),
+              OpenSSL::ASN1::BitString.new(OpenSSL::ASN1::Integer.new(pub_key).to_der)
+            ]
+          )
+
+          key = OpenSSL::PKey::DSA.new(asn1.to_der)
         when /^ssh-rsa$/
-          key = OpenSSL::PKey::RSA.new
-          if key.respond_to?(:set_key)
-            e = read_bignum
-            n = read_bignum
-            key.set_key(n, e, nil)
-          else
-            key.e = read_bignum
-            key.n = read_bignum
-          end
+          e = read_bignum
+          n = read_bignum
+
+          asn1 = OpenSSL::ASN1::Sequence(
+            [
+              OpenSSL::ASN1::Integer(n),
+              OpenSSL::ASN1::Integer(e)
+            ]
+          )
+
+          key = OpenSSL::PKey::RSA.new(asn1.to_der)
         when /^ssh-ed25519$/
           Net::SSH::Authentication::ED25519Loader.raiseUnlessLoaded("unsupported key type `#{type}'")
           key = Net::SSH::Authentication::ED25519::PubKey.read_keyblob(self)
@@ -346,7 +361,12 @@ module Net
       # Optimized version of write where the caller gives up ownership of string
       # to the method. This way we can mutate the string.
       def write_moved(string)
-        @content << string.force_encoding('BINARY')
+        @content <<
+          if string.frozen?
+            string.dup.force_encoding('BINARY')
+          else
+            string.force_encoding('BINARY')
+          end
         self
       end
 

data/lib/net/ssh/buffered_io.rb

@@ -1,9 +1,8 @@
 require 'net/ssh/buffer'
 require 'net/ssh/loggable'
 
-module Net 
+module Net
   module SSH
-
     # This module is used to extend sockets and other IO objects, to allow
     # them to be buffered for both read and write. This abstraction makes it
     # quite easy to write a select-based event loop
@@ -48,21 +47,21 @@ module Net
     #   end
     module BufferedIo
       include Loggable
-  
+
       # Called when the #extend is called on an object, with this module as the
       # argument. It ensures that the modules instance variables are all properly
       # initialized.
-      def self.extended(object) #:nodoc:
+      def self.extended(object) # :nodoc:
         # need to use __send__ because #send is overridden in Socket
         object.__send__(:initialize_buffered_io)
       end
-  
+
       # Tries to read up to +n+ bytes of data from the remote end, and appends
       # the data to the input buffer. It returns the number of bytes read, or 0
       # if no data was available to be read.
-      def fill(n=8192)
+      def fill(n = 8192)
         input.consume!
-        data = recv(n)
+        data = recv(n) || ""
         debug { "read #{data.length} bytes" }
         input.append(data)
         return data.length
@@ -70,31 +69,31 @@ module Net
         @input_errors << e
         return 0
       end
-  
+
       # Read up to +length+ bytes from the input buffer. If +length+ is nil,
       # all available data is read from the buffer. (See #available.)
-      def read_available(length=nil)
+      def read_available(length = nil)
         input.read(length || available)
       end
-  
+
       # Returns the number of bytes available to be read from the input buffer.
       # (See #read_available.)
       def available
         input.available
       end
-  
+
       # Enqueues data in the output buffer, to be written when #send_pending
       # is called. Note that the data is _not_ sent immediately by this method!
       def enqueue(data)
         output.append(data)
       end
-  
+
       # Returns +true+ if there is data waiting in the output buffer, and
       # +false+ otherwise.
       def pending_write?
         output.length > 0
       end
-  
+
       # Sends as much of the pending output as possible. Returns +true+ if any
       # data was sent, and +false+ otherwise.
       def send_pending
@@ -107,7 +106,7 @@ module Net
           return false
         end
       end
-  
+
       # Calls #send_pending repeatedly, if necessary, blocking until the output
       # buffer is empty.
       def wait_for_pending_sends
@@ -115,31 +114,32 @@ module Net
         while output.length > 0
           result = IO.select(nil, [self]) or next
           next unless result[1].any?
+
           send_pending
         end
       end
-  
+
       public # these methods are primarily for use in tests
-  
-      def write_buffer #:nodoc:
+
+      def write_buffer # :nodoc:
         output.to_s
       end
-  
-      def read_buffer #:nodoc:
+
+      def read_buffer # :nodoc:
         input.to_s
       end
-  
+
       private
-  
+
       #--
       # Can't use attr_reader here (after +private+) without incurring the
       # wrath of "ruby -w". We hates it.
       #++
-  
+
       def input; @input; end
 
       def output; @output; end
-  
+
       # Initializes the intput and output buffers for this object. This method
       # is called automatically when the module is mixed into an object via
       # Object#extend (see Net::SSH::BufferedIo.extended), but must be called
@@ -166,7 +166,7 @@ module Net
     #    http://github.com/net-ssh/net-ssh/tree/portfwfix
     #
     module ForwardedBufferedIo
-      def fill(n=8192)
+      def fill(n = 8192)
         begin
           super(n)
         rescue Errno::ECONNRESET => e
@@ -181,7 +181,7 @@ module Net
           end
         end
       end
-  
+
       def send_pending
         begin
           super
@@ -198,6 +198,5 @@ module Net
         end
       end
     end
-
   end
 end

data/lib/net/ssh/config.rb

@@ -1,6 +1,5 @@
 module Net
   module SSH
-
     # The Net::SSH::Config class is used to parse OpenSSH configuration files,
     # and translates that syntax into the configuration syntax that Net::SSH
     # understands. This lets Net::SSH scripts read their configuration (to
@@ -34,7 +33,7 @@ module Net
     # * ProxyJump => maps to the :proxy option
     # * PubKeyAuthentication => maps to the :auth_methods option
     # * RekeyLimit => :rekey_limit
-    # * StrictHostKeyChecking => :strict_host_key_checking
+    # * StrictHostKeyChecking => :verify_host_key
     # * User => :user
     # * UserKnownHostsFile => :user_known_hosts_file
     # * NumberOfPasswordPrompts => :number_of_password_prompts
@@ -66,7 +65,7 @@ module Net
         # given +files+ (defaulting to the list of files returned by
         # #default_files), translates the resulting hash into the options
         # recognized by Net::SSH, and returns them.
-        def for(host, files=expandable_default_files)
+        def for(host, files = expandable_default_files)
           translate(files.inject({}) { |settings, file|
             load(file, host, settings)
           })
@@ -78,7 +77,7 @@ module Net
         # ones. Returns a hash containing the OpenSSH options. (See
         # #translate for how to convert the OpenSSH options into Net::SSH
         # options.)
-        def load(path, host, settings={}, base_dir = nil)
+        def load(path, host, settings = {}, base_dir = nil)
           file = File.expand_path(path)
           base_dir ||= File.dirname(file)
           return settings unless File.readable?(file)
@@ -186,17 +185,35 @@ module Net
         # Filters default_files down to the files that are expandable.
         def expandable_default_files
           default_files.keep_if do |path|
-            begin
-              File.expand_path(path)
-              true
-            rescue ArgumentError
-              false
-            end
+            File.expand_path(path)
+            true
+          rescue ArgumentError
+            false
           end
         end
 
         private
 
+        def translate_verify_host_key(value)
+          case value
+          when false
+            :never
+          when true
+            :always
+          when 'accept-new'
+            :accept_new
+          end
+        end
+
+        def translate_keepalive(hash, value)
+          if value && value.to_i > 0
+            hash[:keepalive] = true
+            hash[:keepalive_interval] = value.to_i
+          else
+            hash[:keepalive] = false
+          end
+        end
+
         TRANSLATE_CONFIG_KEY_RENAME_MAP = {
           bindaddress: :bind_address,
           compression: :compression,
@@ -211,13 +228,14 @@ module Net
           identityfile: :keys,
           fingerprinthash: :fingerprint_hash,
           port: :port,
-          stricthostkeychecking: :strict_host_key_checking,
           user: :user,
           userknownhostsfile: :user_known_hosts_file,
           checkhostip: :check_host_ip
         }.freeze
         def translate_config_key(hash, key, value, settings)
           case key
+          when :stricthostkeychecking
+            hash[:verify_host_key] = translate_verify_host_key(value)
           when :ciphers
             hash[:encryption] = value.split(/,/)
           when :hostbasedauthentication
@@ -235,12 +253,7 @@ module Net
           when :serveralivecountmax
             hash[:keepalive_maxcount] = value.to_i if value
           when :serveraliveinterval
-            if value && value.to_i > 0
-              hash[:keepalive] = true
-              hash[:keepalive_interval] = value.to_i
-            else
-              hash[:keepalive] = false
-            end
+            translate_keepalive(hash, value)
           when :passwordauthentication
             if value
               (hash[:auth_methods] << 'password').uniq!
@@ -302,9 +315,9 @@ module Net
         # host names.
         def pattern2regex(pattern)
           tail = pattern
-          prefix = ""
+          prefix = String.new
           while !tail.empty? do
-            head,sep,tail = tail.partition(/[\*\?]/)
+            head, sep, tail = tail.partition(/[\*\?]/)
             prefix = prefix + Regexp.quote(head)
             case sep
             when '*'
@@ -358,7 +371,7 @@ module Net
 
           conditions = conditions.each_slice(2)
           condition_matches = []
-          conditions.each do |(kind,exprs)|
+          conditions.each do |(kind, exprs)|
             exprs = unquote(exprs)
 
             case kind.downcase