net-ssh 2.1.0 → 2.1.3

data/CHANGELOG.rdoc

@@ -1,9 +1,21 @@
 
 
+=== 2.1.3 / 2 Mar 2011
+
+* Call to transport.closed should be transport.close [Woon Jung]
+
+
+=== 2.1.2 / 1 Mar 2011
+
+* Fix for Net::SSH Continues to attempt authentication when notified it is not allowed [Eric Hodel]
+    (see: http://net-ssh.lighthouseapp.com/projects/36253-net-ssh/tickets/26)
+* Fix for transport won't be closed if authentication fails [Patrick Marchi]
+
+
 === 2.1 / 19 Jan 2011
 
-* Support "IdentitiesOnly" directive [Edmund Haselwanter]
-* Speeding up the Loggable module [robbebob]
+* Support "IdentitiesOnly" directive (LH-24) [Musy Bite, Edmund Haselwanter]
+* Speeding up the Loggable module (LH-23) [robbebob]
 
 
 === 2.0.24 / 14 Jan 2011

data/README.rdoc

@@ -117,6 +117,47 @@ which should produce the following:
     arcfour512: [64, 8] OpenSSL::Cipher::Cipher
     
 
+== RUNNING TESTS
+
+Run the test suite from the net-ssh directory with the following command:
+
+     ruby -Ilib -Itest -rrubygems test/test_all.rb
+
+Run a single test file like this:
+
+     ruby -Ilib -Itest -rrubygems test/transport/test_server_version.rb
+
+
+=== EXPECTED RESULTS
+
+* Ruby 1.8: all tests pass
+
+* Ruby 1.9: all tests pass
+
+* JRuby 1.5: 99% tests pass (448 tests, 1846 assertions, 1 failures)
+
+
+=== PORT FORWARDING TESTS
+
+     ruby -Ilib -Itest -rrubygems test/manual/test_forward.rb
+
+test_forward.rb must be run separately from the test suite because
+it requires authorizing your public SSH keys on you localhost.
+
+If you already have keys you can do this:
+
+     cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
+
+If you don't have keys see:
+
+     http://kimmo.suominen.com/docs/ssh/#ssh-keygen
+
+You should now be able to login to your localhost with out
+bring prompted for a password:
+
+     ssh localhost
+
+
 == LICENSE:
 
 (The MIT License)

data/Rakefile

@@ -57,7 +57,7 @@ end
 if @spec.rubyforge_project
   desc 'Publish website to rubyforge'
   task 'publish:rdoc' => 'doc/index.html' do
-    sh "scp -rp doc/* rubyforge.org:/var/www/gforge-projects/#{name}/ssh/v2/api/"
+    sh "scp -r doc/* rubyforge.org:/var/www/gforge-projects/#{name}/ssh/v2/api/"
   end
 
   desc 'Public release to rubyforge'

data/lib/net/ssh.rb

@@ -193,6 +193,7 @@ module Net
           return connection
         end
       else
+        transport.close
         raise AuthenticationFailed, user
       end
     end

data/lib/net/ssh/authentication/key_manager.rb

@@ -135,7 +135,7 @@ module Net
           if info[:key].nil? && info[:from] == :file
             begin
               info[:key] = KeyFactory.load_private_key(info[:file], options[:passphrase])
-            rescue Exception => e 
+            rescue Exception, OpenSSL::OpenSSLError => e 
               raise KeyManagerError, "the given identity is known, but the private key could not be loaded: #{e.class} (#{e.message})"
             end
           end

data/lib/net/ssh/authentication/methods/hostbased.rb

@@ -51,6 +51,10 @@ module Net
                   return true
                 when USERAUTH_FAILURE
                   info { "hostbased failed (#{identity.fingerprint})" }
+
+                  raise Net::SSH::Authentication::DisallowedMethod unless
+                    message[:authentications].split(/,/).include? 'hostbased'
+
                   return false
                 else
                   raise Net::SSH::Exception, "unexpected server response to USERAUTH_REQUEST: #{message.type} (#{message.inspect})"

data/lib/net/ssh/authentication/methods/keyboard_interactive.rb

@@ -27,6 +27,10 @@ module Net
                 return true
               when USERAUTH_FAILURE
                 debug { "keyboard-interactive failed" }
+
+                raise Net::SSH::Authentication::DisallowedMethod unless
+                  message[:authentications].split(/,/).include? 'keyboard-interactive'
+
                 return false
               when USERAUTH_INFO_REQUEST
                 name = message.read_string

data/lib/net/ssh/authentication/methods/password.rb

@@ -23,6 +23,10 @@ module Net
                 return true
               when USERAUTH_FAILURE
                 debug { "password failed" }
+
+                raise Net::SSH::Authentication::DisallowedMethod unless
+                  message[:authentications].split(/,/).include? 'password'
+
                 return false
               when USERAUTH_PASSWD_CHANGEREQ
                 debug { "password change request received, failing" }

data/lib/net/ssh/authentication/methods/publickey.rb

@@ -70,6 +70,10 @@ module Net
                       return true
                     when USERAUTH_FAILURE
                       debug { "publickey failed (#{identity.fingerprint})" }
+
+                      raise Net::SSH::Authentication::DisallowedMethod unless
+                        message[:authentications].split(/,/).include? 'publickey'
+
                       return false
                     else
                       raise Net::SSH::Exception,

data/lib/net/ssh/authentication/session.rb

@@ -9,6 +9,10 @@ require 'net/ssh/authentication/methods/keyboard_interactive'
 
 module Net; module SSH; module Authentication
 
+  # Raised if the current authentication method is not allowed
+  class DisallowedMethod < Net::SSH::Exception
+  end
+
   # Represents an authentication session. It manages the authentication of
   # a user over an established connection (the "transport" object, see
   # Net::SSH::Transport::Session).
@@ -59,13 +63,16 @@ module Net; module SSH; module Authentication
       attempted = []
 
       @auth_methods.each do |name|
-        next unless @allowed_auth_methods.include?(name)
-        attempted << name
+        begin
+          next unless @allowed_auth_methods.include?(name)
+          attempted << name
 
-        debug { "trying #{name}" }
-        method = Methods.const_get(name.split(/\W+/).map { |p| p.capitalize }.join).new(self, :key_manager => key_manager)
+          debug { "trying #{name}" }
+          method = Methods.const_get(name.split(/\W+/).map { |p| p.capitalize }.join).new(self, :key_manager => key_manager)
 
-        return true if method.authenticate(next_service, username, password)
+          return true if method.authenticate(next_service, username, password)
+        rescue Net::SSH::Authentication::DisallowedMethod
+        end
       end
 
       error { "all authorization methods failed (tried #{attempted.join(', ')})" }
@@ -131,4 +138,4 @@ module Net; module SSH; module Authentication
         Array(options[:key_data])
       end
   end
-end; end; end
+end; end; end

data/lib/net/ssh/version.rb

@@ -51,7 +51,7 @@ module Net; module SSH
     MINOR = 1
 
     # The tiny component of this version of the Net::SSH library
-    TINY  = 0
+    TINY  = 3
 
     # The current version of the Net::SSH library as a Version instance
     CURRENT = new(MAJOR, MINOR, TINY)

data/net-ssh.gemspec

@@ -1,7 +1,7 @@
 @spec = Gem::Specification.new do |s|
 	s.name = "net-ssh"
         s.rubyforge_project = 'net-ssh'
-	s.version = "2.1.0"
+	s.version = "2.1.3"
 	s.summary = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol."
 	s.description = s.summary
 	s.authors = ["Jamis Buck", "Delano Mandelbaum"]

data/test/README.txt

@@ -1,4 +1,4 @@
-2010-03-16
+2011-01-19
 
 RUNNING TESTS
 
@@ -17,7 +17,7 @@ EXPECTED RESULTS
 
 * Ruby 1.9: all tests pass
 
-* JRuby 1.4: 96% tests pass (242 tests, 554 assertions, 0 failures, 8 errors)
+* JRuby 1.5: 99% tests pass (448 tests, 1846 assertions, 1 failures)
 
 
 PORT FORWARDING TESTS

data/test/authentication/methods/test_keyboard_interactive.rb

@@ -10,7 +10,7 @@ module Authentication; module Methods
     USERAUTH_INFO_REQUEST  = 60
     USERAUTH_INFO_RESPONSE = 61
 
-    def test_authenticate_should_be_false_when_server_does_not_support_this_method
+    def test_authenticate_should_raise_if_keyboard_interactive_disallowed
       transport.expect do |t,packet|
         assert_equal USERAUTH_REQUEST, packet.type
         assert_equal "jamis", packet.read_string
@@ -22,7 +22,9 @@ module Authentication; module Methods
         t.return(USERAUTH_FAILURE, :string, "password")
       end
 
-      assert_equal false, subject.authenticate("ssh-connection", "jamis")
+      assert_raises Net::SSH::Authentication::DisallowedMethod do
+        subject.authenticate("ssh-connection", "jamis")
+      end
     end
 
     def test_authenticate_should_be_false_if_given_password_is_not_accepted
@@ -33,7 +35,7 @@ module Authentication; module Methods
           assert_equal USERAUTH_INFO_RESPONSE, packet2.type
           assert_equal 1, packet2.read_long
           assert_equal "the-password", packet2.read_string
-          t2.return(USERAUTH_FAILURE, :string, "publickey")
+          t2.return(USERAUTH_FAILURE, :string, "keyboard-interactive")
         end
       end
 
@@ -95,4 +97,4 @@ module Authentication; module Methods
       end
   end
 
-end; end
+end; end

data/test/authentication/methods/test_password.rb

@@ -7,7 +7,7 @@ module Authentication; module Methods
   class TestPassword < Test::Unit::TestCase
     include Common
 
-    def test_authenticate_when_password_is_unacceptible_should_return_false
+    def test_authenticate_should_raise_if_password_disallowed
       transport.expect do |t,packet|
         assert_equal USERAUTH_REQUEST, packet.type
         assert_equal "jamis", packet.read_string
@@ -19,7 +19,9 @@ module Authentication; module Methods
         t.return(USERAUTH_FAILURE, :string, "publickey")
       end
 
-      assert !subject.authenticate("ssh-connection", "jamis", "the-password")
+      assert_raises Net::SSH::Authentication::DisallowedMethod do
+        subject.authenticate("ssh-connection", "jamis", "the-password")
+      end
     end
 
     def test_authenticate_when_password_is_acceptible_should_return_true

data/test/authentication/methods/test_publickey.rb

@@ -31,6 +31,27 @@ module Authentication; module Methods
       assert_equal false, subject.authenticate("ssh-connection", "jamis")
     end
 
+    def test_authenticate_should_raise_if_publickey_disallowed
+      key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
+
+      transport.expect do |t, packet|
+        assert_equal USERAUTH_REQUEST, packet.type
+        assert verify_userauth_request_packet(packet, keys.first, false)
+        t.return(USERAUTH_PK_OK, :string, keys.first.ssh_type, :string, Net::SSH::Buffer.from(:key, keys.first))
+
+        t.expect do |t2,packet2|
+          assert_equal USERAUTH_REQUEST, packet2.type
+          assert verify_userauth_request_packet(packet2, keys.first, true)
+          assert_equal "sig-one", packet2.read_string
+          t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
+        end
+      end
+
+      assert_raises Net::SSH::Authentication::DisallowedMethod do
+        subject.authenticate("ssh-connection", "jamis")
+      end
+    end
+
     def test_authenticate_should_return_false_if_signature_exchange_fails
       key_manager.expects(:sign).with(&signature_parameters(keys.first)).returns("sig-one")
       key_manager.expects(:sign).with(&signature_parameters(keys.last)).returns("sig-two")
@@ -44,7 +65,7 @@ module Authentication; module Methods
           assert_equal USERAUTH_REQUEST, packet2.type
           assert verify_userauth_request_packet(packet2, keys.first, true)
           assert_equal "sig-one", packet2.read_string
-          t2.return(USERAUTH_FAILURE, :string, "hostbased,password")
+          t2.return(USERAUTH_FAILURE, :string, "publickey")
 
           t2.expect do |t3, packet3|
             assert_equal USERAUTH_REQUEST, packet3.type
@@ -55,7 +76,7 @@ module Authentication; module Methods
               assert_equal USERAUTH_REQUEST, packet4.type
               assert verify_userauth_request_packet(packet4, keys.last, true)
               assert_equal "sig-two", packet4.read_string
-              t4.return(USERAUTH_FAILURE, :string, "hostbased,password")
+              t4.return(USERAUTH_FAILURE, :string, "publickey")
             end
           end
         end

data/test/authentication/test_key_manager.rb

@@ -32,7 +32,7 @@ module Authentication
       manager.stubs(:agent).returns(nil)
 
       stub_file_key "/first", rsa
-      stub_file_key "/second", dsa      
+      stub_file_key "/second", dsa
 
       identities = []
       manager.each_identity { |identity| identities << identity }
@@ -40,7 +40,7 @@ module Authentication
       assert_equal 2, identities.length
       assert_equal rsa.to_blob, identities.first.to_blob
       assert_equal dsa.to_blob, identities.last.to_blob
-      
+
       assert_equal({:from => :file, :file => "/first", :key => rsa}, manager.known_identities[rsa])
       assert_equal({:from => :file, :file => "/second", :key => dsa}, manager.known_identities[dsa])
     end
@@ -82,15 +82,25 @@ module Authentication
 
     def test_sign_with_file_originated_key_should_load_private_key_and_sign_with_it
       manager.stubs(:agent).returns(nil)
-      stub_file_key "/first", rsa(512), true
+      stub_file_key "/first", rsa(512)
       rsa.expects(:ssh_do_sign).with("hello, world").returns("abcxyz123")
       manager.each_identity { |identity| } # preload the known_identities
       assert_equal "\0\0\0\assh-rsa\0\0\0\011abcxyz123", manager.sign(rsa, "hello, world")
     end
 
+    def test_sign_with_file_originated_key_should_raise_key_manager_error_if_unloadable
+      manager.known_identities[rsa] = { :from => :file, :file => "/first" }
+
+      Net::SSH::KeyFactory.expects(:load_private_key).raises(OpenSSL::PKey::RSAError)
+
+      assert_raises Net::SSH::Authentication::KeyManagerError do
+        manager.sign(rsa, "hello, world")
+      end
+    end
+
     private
 
-      def stub_file_key(name, key, also_private=false)
+      def stub_file_key(name, key)
         manager.add(name)
         File.expects(:readable?).with(name).returns(true)
         File.expects(:readable?).with(name + ".pub").returns(false)

data/test/authentication/test_session.rb

@@ -12,6 +12,19 @@ module Authentication
       assert_equal session.auth_methods, session.allowed_auth_methods
     end
 
+    def test_authenticate_should_continue_if_method_disallowed
+      transport.expect do |t, packet|
+        assert_equal SERVICE_REQUEST, packet.type
+        assert_equal "ssh-userauth", packet.read_string
+        t.return(SERVICE_ACCEPT)
+      end
+
+      Net::SSH::Authentication::Methods::Publickey.any_instance.expects(:authenticate).with("next service", "username", "password").raises(Net::SSH::Authentication::DisallowedMethod)
+      Net::SSH::Authentication::Methods::Hostbased.any_instance.expects(:authenticate).with("next service", "username", "password").returns(true)
+
+      assert session.authenticate("next service", "username", "password")
+    end
+
     def test_authenticate_should_raise_error_if_service_request_fails
       transport.expect do |t, packet|
         assert_equal SERVICE_REQUEST, packet.type

metadata

@@ -1,13 +1,8 @@
 --- !ruby/object:Gem::Specification 
 name: net-ssh
 version: !ruby/object:Gem::Version 
-  hash: 11
-  prerelease: false
-  segments: 
-  - 2
-  - 1
-  - 0
-  version: 2.1.0
+  prerelease: 
+  version: 2.1.3
 platform: ruby
 authors: 
 - Jamis Buck
@@ -16,7 +11,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-01-20 00:00:00 -05:00
+date: 2011-03-02 00:00:00 -05:00
 default_executable: 
 dependencies: []
 
@@ -164,23 +159,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
       version: "0"
 requirements: []
 
 rubyforge_project: net-ssh
-rubygems_version: 1.3.7
+rubygems_version: 1.5.2
 signing_key: 
 specification_version: 3
 summary: "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol."