net-ssh 2.7.0 → 2.8.0

data/CHANGES.txt

@@ -1,5 +1,22 @@
 
 
+=== 2.8.0 / 01 Feb 2014
+
+* Handle ssh-rsa and ssh-dss certificate files [bobveznat]
+* Correctly interpret /etc/ssh_config Authentication settings based on openssh /etc/ssh_config system defaults [therealjessesanford, liggitt]
+* Fixed pageant support for Windows [jarredholman]
+* Support %r in ProxyCommand configuration in ssh_config files as defined in OpenSSH [yugui]
+* Don't use ssh-agent if :keys_only is true [SFEley]
+* Fix the bug in keys with comments [bobtfish]
+* Add a failing tests for options in pub keys [bobtfish]
+* Assert that the return value from ssh block is returned [carlhoerberg]
+* Don't close the connection it's already closed [carlhoerberg]
+* Ensure the connection closes even on exception [carlhoerberg]
+* Make the authentication error message more useful [deric]
+* Fix "ConnectionError" typo in lib/net/ssh/proxy/socks5.rb [mirakui]
+* Allow KeyManager to recover from incompatible agents [ecki, delano]
+* Fix for "Authentication Method determination can pick up a class from the root namespace" [dave.sieh]
+
 === 2.7.0 / 11 Sep 2013
 
 * Fix for 'Could not parse PKey: no start line' error on private keys with passphrases (issue #101) [metametaclass]

data/THANKS.txt

@@ -19,6 +19,30 @@ Chris Andrews <chris@nodnol.org> and Lee Jensen <lee@outerim.com>
 Hiroshi Nakamura
   * fixed errors with JRuby tests
 
+bobveznat
+therealjessesanford
+liggitt
+jarredholman
+yugui
+SFEley
+bobtfish
+carlhoerberg
+deric
+mirakui
+ecki
+Dave Sieh
+metametaclass
+fnordfish
+krishicks
+noric
+GabKlein
+Josh Kalderimis
+voxik
+Olipro
+jansegre
+priteau
+jordimassaguerpla
+Kenichi Kamiya
 Andreas Wolff
 mhuffnagle
 ohrite
@@ -83,3 +107,4 @@ watsonian
 Grant Hutchins
 Michael Schubert
 mtrudel
+Aurélien Derouineau

data/lib/net/ssh.rb

@@ -204,15 +204,17 @@ module Net
       if auth.authenticate("ssh-connection", user, options[:password])
         connection = Connection::Session.new(transport, options)
         if block_given?
-          retval = yield connection
-          connection.close
-          retval
+          begin
+            yield connection
+          ensure
+            connection.close unless connection.closed?
+          end
         else
           return connection
         end
       else
         transport.close
-        raise AuthenticationFailed, user
+        raise AuthenticationFailed, "Authentication failed for user #{user}@#{host}"
       end
     end
 

data/lib/net/ssh/authentication/agent/socket.rb

@@ -76,9 +76,9 @@ module Net; module SSH; module Authentication
       type, body = send_and_wait(SSH2_AGENT_REQUEST_VERSION, :string, Transport::ServerVersion::PROTO_VERSION)
 
       if type == SSH2_AGENT_VERSION_RESPONSE
-        raise NotImplementedError, "SSH2 agents are not yet supported"
+        raise AgentNotAvailable, "SSH2 agents are not yet supported"
       elsif type != SSH_AGENT_RSA_IDENTITIES_ANSWER1 && type != SSH_AGENT_RSA_IDENTITIES_ANSWER2
-        raise AgentError, "unknown response from agent: #{type}, #{body.to_s.inspect}"
+        raise AgentNotAvailable, "unknown response from agent: #{type}, #{body.to_s.inspect}"
       end
     end
 
@@ -126,7 +126,7 @@ module Net; module SSH; module Authentication
     # Returns the agent socket factory to use.
     def agent_socket_factory
       if Net::SSH::Authentication::PLATFORM == :win32
-        Pageant::socket_factory
+        Pageant::Socket
       else
         UNIXSocket
       end

data/lib/net/ssh/authentication/key_manager.rb

@@ -12,7 +12,7 @@ module Net
 
       # This class encapsulates all operations done by clients on a user's
       # private keys. In practice, the client should never need a reference
-      # to a private key; instead, they grab a list of "identities" (public 
+      # to a private key; instead, they grab a list of "identities" (public
       # keys) that are available from the KeyManager, and then use
       # the KeyManager to do various private key operations using those
       # identities.
@@ -37,12 +37,13 @@ module Net
         attr_reader :options
 
         # Create a new KeyManager. By default, the manager will
-        # use the ssh-agent (if it is running).
+        # use the ssh-agent if it is running and the `:keys_only` option
+        # is not true.
         def initialize(logger, options={})
           self.logger = logger
           @key_files = []
           @key_data = []
-          @use_agent = true
+          @use_agent = !options[:keys_only]
           @known_identities = {}
           @agent = nil
           @options = options
@@ -91,9 +92,8 @@ module Net
         # ssh-agent. Note that identities from an ssh-agent are always listed
         # first in the array, with other identities coming after.
         #
-        # If key manager was created with :keys_only option, any identity
-        # from ssh-agent will be ignored unless it present in key_files or
-        # key_data.
+        # If key manager was created with :keys_only option, no identities
+        # from ssh-agent will be loaded.
         def each_identity
           prepared_identities = prepare_identities_from_files + prepare_identities_from_data
 
@@ -139,7 +139,7 @@ module Net
           if info[:key].nil? && info[:from] == :file
             begin
               info[:key] = KeyFactory.load_private_key(info[:file], options[:passphrase], true)
-            rescue Exception, OpenSSL::OpenSSLError => e 
+            rescue Exception, OpenSSL::OpenSSLError => e
               raise KeyManagerError, "the given identity is known, but the private key could not be loaded: #{e.class} (#{e.message})"
             end
           end

data/lib/net/ssh/authentication/pageant.rb

@@ -110,21 +110,49 @@ module Net; module SSH; module Authentication
             "pageant process not running"
         end
 
-        @res = nil
-        @pos = 0
+        @input_buffer = Net::SSH::Buffer.new
+        @output_buffer = Net::SSH::Buffer.new
       end
 
       # Forwards the data to #send_query, ignoring any arguments after
-      # the first. Returns 0.
+      # the first.
       def send(data, *args)
-        @res = send_query(data)
-        @pos = 0
+        @input_buffer.append(data)
+        
+        ret = data.length
+        
+        while true
+          return ret if @input_buffer.length < 4
+          msg_length = @input_buffer.read_long + 4
+          @input_buffer.reset!
+      
+          return ret if @input_buffer.length < msg_length
+          msg = @input_buffer.read!(msg_length)
+          @output_buffer.append(send_query(msg))
+        end
+      end
+      
+      # Reads +n+ bytes from the cached result of the last query. If +n+
+      # is +nil+, returns all remaining data from the last query.
+      def read(n = nil)
+        @output_buffer.read(n)
       end
 
+      def close
+      end
+      
+      def send_query(query)
+        if RUBY_VERSION < "1.9"
+          send_query_18(query)
+        else
+          send_query_19(query)
+        end
+      end
+      
       # Packages the given query string and sends it to the pageant
       # process via the Windows messaging subsystem. The result is
       # cached, to be returned piece-wise when #read is called.
-      def send_query(query)
+      def send_query_18(query)
         res = nil
         filemap = 0
         ptr = nil
@@ -165,43 +193,10 @@ module Net; module SSH; module Authentication
         Win.closeHandle(filemap) if filemap != 0
       end
 
-      # Conceptually close the socket. This doesn't really do anthing
-      # significant, but merely complies with the Socket interface.
-      def close
-        @res = nil
-        @pos = 0
-      end
-
-      # Conceptually asks if the socket is closed. As with #close,
-      # this doesn't really do anything significant, but merely
-      # complies with the Socket interface.
-      def closed?
-        @res.nil? && @pos.zero?
-      end
-
-      # Reads +n+ bytes from the cached result of the last query. If +n+
-      # is +nil+, returns all remaining data from the last query.
-      def read(n = nil)
-        return nil unless @res
-        if n.nil?
-          start, @pos = @pos, @res.size
-          return @res[start..-1]
-        else
-          start, @pos = @pos, @pos + n
-          return @res[start, n]
-        end
-      end
-
-    end
-
-    # Socket changes for Ruby 1.9
-    # Functionality is the same as Ruby 1.8 but it includes the new calls to 
-    # the DL module as well as other pointer transformations
-    class Socket19 < Socket
       # Packages the given query string and sends it to the pageant
       # process via the Windows messaging subsystem. The result is
       # cached, to be returned piece-wise when #read is called.
-      def send_query(query)
+      def send_query_19(query)
         res = nil
         filemap = 0
         ptr = nil
@@ -244,17 +239,6 @@ module Net; module SSH; module Authentication
         Win.CloseHandle(filemap) if filemap != 0
       end
     end
-
-    # Selects which socket to use depending on the ruby version
-    # This is needed due changes in the DL module.
-    def self.socket_factory
-      if RUBY_VERSION < "1.9"
-        Socket
-      else
-        Socket19
-      end
-    end
-
   end
 
 end; end; end

data/lib/net/ssh/authentication/session.rb

@@ -2,6 +2,7 @@ require 'net/ssh/loggable'
 require 'net/ssh/transport/constants'
 require 'net/ssh/authentication/constants'
 require 'net/ssh/authentication/key_manager'
+require 'net/ssh/authentication/methods/none'
 require 'net/ssh/authentication/methods/publickey'
 require 'net/ssh/authentication/methods/hostbased'
 require 'net/ssh/authentication/methods/password'
@@ -41,7 +42,7 @@ module Net; module SSH; module Authentication
       self.logger = transport.logger
       @transport = transport
 
-      @auth_methods = options[:auth_methods] || %w(none publickey hostbased password keyboard-interactive)
+      @auth_methods = options[:auth_methods] || Net::SSH::Config.default_auth_methods
       @options = options
 
       @allowed_auth_methods = @auth_methods

data/lib/net/ssh/buffer.rb

@@ -243,14 +243,14 @@ module Net; module SSH
     # a key. Only RSA, DSA, and ECDSA keys are supported.
     def read_keyblob(type)
       case type
-        when "ssh-dss"
+        when /^ssh-dss(-cert-v01@openssh\.com)?$/
           key = OpenSSL::PKey::DSA.new
           key.p = read_bignum
           key.q = read_bignum
           key.g = read_bignum
           key.pub_key = read_bignum
 
-        when "ssh-rsa"
+        when /^ssh-rsa(-cert-v01@openssh\.com)?$/
           key = OpenSSL::PKey::RSA.new
           key.e = read_bignum
           key.n = read_bignum

data/lib/net/ssh/config.rb

@@ -8,6 +8,7 @@ module Net; module SSH
   #
   # Only a subset of OpenSSH configuration options are understood:
   #
+  # * ChallengeResponseAuthentication => maps to the :auth_methods option
   # * Ciphers => maps to the :encryption option
   # * Compression => :compression
   # * CompressionLevel => :compression_level
@@ -25,6 +26,7 @@ module Net; module SSH
   # * Port => :port
   # * PreferredAuthentications => maps to the :auth_methods option
   # * ProxyCommand => maps to the :proxy option
+  # * PubKeyAuthentication => maps to the :auth_methods option
   # * RekeyLimit => :rekey_limit
   # * User => :user
   # * UserKnownHostsFile => :user_known_hosts_file
@@ -35,19 +37,30 @@ module Net; module SSH
   class Config
     class << self
       @@default_files = %w(~/.ssh/config /etc/ssh_config /etc/ssh/ssh_config)
+      # The following defaults follow the openssh client ssh_config defaults.
+      # http://lwn.net/Articles/544640/
+      # "hostbased" is off and "none" is not supported but we allow it since
+      # it's used by some clients to query the server for allowed auth methods
+      @@default_auth_methods = %w(none publickey password keyboard-interactive)
 
       # Returns an array of locations of OpenSSH configuration files
       # to parse by default.
       def default_files
         @@default_files
       end
+      
+      def default_auth_methods
+        @@default_auth_methods
+      end
 
       # Loads the configuration data for the given +host+ from all of the
       # given +files+ (defaulting to the list of files returned by
       # #default_files), translates the resulting hash into the options
       # recognized by Net::SSH, and returns them.
       def for(host, files=default_files)
-        translate(files.inject({}) { |settings, file| load(file, host, settings) })
+        hash = translate(files.inject({}) { |settings, file| 
+          load(file, host, settings)
+        })
       end
 
       # Load the OpenSSH configuration settings in the given +file+ for the
@@ -59,6 +72,8 @@ module Net; module SSH
       def load(path, host, settings={})
         file = File.expand_path(path)
         return settings unless File.readable?(file)
+
+        settings[:auth_methods] ||= default_auth_methods.clone
         
         globals = {}
         matched_host = nil
@@ -119,6 +134,7 @@ module Net; module SSH
       # the returned hash will have Symbols for keys.
       def translate(settings)
         settings.inject({}) do |hash, (key, value)|
+          hash[:auth_methods] ||= settings[:auth_methods] || default_auth_methods.clone
           case key
           when 'bindaddress' then
             hash[:bind_address] = value
@@ -138,8 +154,9 @@ module Net; module SSH
             hash[:global_known_hosts_file] = value
           when 'hostbasedauthentication' then
             if value
-              hash[:auth_methods] ||= []
-              hash[:auth_methods] << "hostbased"
+              (hash[:auth_methods] << "hostbased").uniq!
+            else
+              hash[:auth_methods].delete("hostbased")
             end
           when 'hostkeyalgorithms' then
             hash[:host_key] = value.split(/,/)
@@ -153,8 +170,15 @@ module Net; module SSH
             hash[:hmac] = value.split(/,/)
           when 'passwordauthentication'
             if value
-              hash[:auth_methods] ||= []
-              hash[:auth_methods] << "password"
+              (hash[:auth_methods] << 'password').uniq!
+            else
+              hash[:auth_methods].delete('password')
+            end
+          when 'challengeresponseauthentication'
+            if value
+              (hash[:auth_methods] << 'keyboard-interactive').uniq!
+            else
+              hash[:auth_methods].delete('keyboard-interactive')
             end
           when 'port'
             hash[:port] = value
@@ -165,10 +189,11 @@ module Net; module SSH
               require 'net/ssh/proxy/command'
               hash[:proxy] = Net::SSH::Proxy::Command.new(value)
             end
-	  when 'pubkeyauthentication'
+	        when 'pubkeyauthentication'
             if value
-              hash[:auth_methods] ||= []
-              hash[:auth_methods] << "publickey"
+              (hash[:auth_methods] << 'publickey').uniq!
+            else
+              hash[:auth_methods].delete('publickey')
             end
           when 'rekeylimit'
             hash[:rekey_limit] = interpret_size(value)

data/lib/net/ssh/key_factory.rb

@@ -105,7 +105,13 @@ module Net; module SSH
       # the file describes an RSA or DSA key, and will load it
       # appropriately. The new public key is returned.
       def load_data_public_key(data, filename="")
-        _, blob = data.split(/ /)
+        fields = data.split(/ /)
+
+        blob = nil
+        begin
+          blob = fields.shift
+        end while !blob.nil? && !/^(ssh-(rsa|dss)|ecdsa-sha2-nistp\d+)$/.match(blob)
+        blob = fields.shift
 
         raise Net::SSH::Exception, "public key at #{filename} is not valid" if blob.nil?
 

data/lib/net/ssh/proxy/command.rb

@@ -33,13 +33,20 @@ module Net; module SSH; module Proxy
 
     # Return a new socket connected to the given host and port via the
     # proxy that was requested when the socket factory was instantiated.
-    def open(host, port)
+    def open(host, port, connection_options = nil)
       command_line = @command_line_template.gsub(/%(.)/) {
         case $1
         when 'h'
           host
         when 'p'
           port.to_s
+        when 'r'
+          remote_user = connection_options && connection_options[:remote_user]
+          if remote_user
+            remote_user
+          else
+            raise ArgumentError, "remote user name not available"
+          end
         when '%'
           '%'
         else

data/lib/net/ssh/proxy/http.rb

@@ -48,7 +48,7 @@ module Net; module SSH; module Proxy
 
     # Return a new socket connected to the given host and port via the
     # proxy that was requested when the socket factory was instantiated.
-    def open(host, port)
+    def open(host, port, connection_options = nil)
       socket = TCPSocket.new(proxy_host, proxy_port)
       socket.write "CONNECT #{host}:#{port} HTTP/1.0\r\n"
 

data/lib/net/ssh/proxy/socks4.rb

@@ -47,7 +47,7 @@ module Net
 
         # Return a new socket connected to the given host and port via the
         # proxy that was requested when the socket factory was instantiated.
-        def open(host, port)
+        def open(host, port, connection_options)
           socket = TCPSocket.new(proxy_host, proxy_port)
           ip_addr = IPAddr.new(Resolv.getaddress(host))
           

data/lib/net/ssh/proxy/socks5.rb

@@ -62,7 +62,7 @@ module Net
 
         # Return a new socket connected to the given host and port via the
         # proxy that was requested when the socket factory was instantiated.
-        def open(host, port)
+        def open(host, port, connection_options = nil)
           socket = TCPSocket.new(proxy_host, proxy_port)
 
           methods = [METHOD_NO_AUTH]
@@ -108,7 +108,7 @@ module Net
             ipv6addr hostname = socket.recv(16)
           else
             socket.close
-            raise ConnectionError, "Illegal response type"
+            raise ConnectError, "Illegal response type"
           end
           portnum = socket.recv(2)
           

data/lib/net/ssh/service/forward.rb

@@ -47,8 +47,12 @@ module Net; module SSH; module Service
     # If three arguments are given, it is as if the local bind address is
     # "127.0.0.1", and the rest are applied as above.
     #
+    # To request an ephemeral port on the remote server, provide 0 (zero) for
+    # the port number. In all cases, this method will return the port that
+    # has been assigned.
+    #
     #   ssh.forward.local(1234, "www.capify.org", 80)
-    #   ssh.forward.local("0.0.0.0", 1234, "www.capify.org", 80)
+    #   assigned_port = ssh.forward.local("0.0.0.0", 0, "www.capify.org", 80)
     def local(*args)
       if args.length < 3 || args.length > 4
         raise ArgumentError, "expected 3 or 4 parameters, got #{args.length}"
@@ -69,6 +73,7 @@ module Net; module SSH; module Service
         end
       end
 
+      local_port = socket.addr[1] if local_port == 0 # ephemeral port was requested
       remote_host = args.shift
       remote_port = args.shift.to_i
 
@@ -89,6 +94,8 @@ module Net; module SSH; module Service
           channel[:socket].close
         end
       end
+      
+      local_port
     end
 
     # Terminates an active local forwarded port. If no such forwarded port
@@ -120,15 +127,21 @@ module Net; module SSH; module Service
     # forwarded immediately. If the remote server is not able to begin the
     # listener for this request, an exception will be raised asynchronously.
     #
-    # If you want to know when the connection is active, it will show up in the
-    # #active_remotes list. If you want to block until the port is active, you
-    # could do something like this:
+    # To request an ephemeral port on the remote server, provide 0 (zero) for
+    # the port number. The assigned port will show up in the # #active_remotes
+    # list.
     #
-    #   ssh.forward.remote(80, "www.google.com", 1234, "0.0.0.0")
-    #   ssh.loop { !ssh.forward.active_remotes.include?([1234, "0.0.0.0"]) }
+    # If you want to block until the port is active, you could do something
+    # like this:
+    #
+    #   old_active_remotes = ssh.forward.active_remotes
+    #   ssh.forward.remote(80, "www.google.com", 0, "0.0.0.0")
+    #   ssh.loop { !(ssh.forward.active_remotes.length > old_active_remotes.length) }
+    #   assigned_port = (ssh.forward.active_remotes - old_active_remotes).first[0]
     def remote(port, host, remote_port, remote_host="127.0.0.1")
       session.send_global_request("tcpip-forward", :string, remote_host, :long, remote_port) do |success, response|
         if success
+          remote_port = response.read_long if remote_port == 0
           debug { "remote forward from remote #{remote_host}:#{remote_port} to #{host}:#{port} established" }
           @remote_forwarded_ports[[remote_port, remote_host]] = Remote.new(host, port)
         else
@@ -257,6 +270,24 @@ module Net; module SSH; module Service
         end
       end
 
+      # not a real socket, so use a simpler behaviour
+      def prepare_simple_client(client, channel, type)
+        channel[:socket] = client
+
+        channel.on_data do |ch, data|
+          ch.debug { "data:#{data.length} on #{type} forwarded channel" }
+          ch[:socket].send(data)
+        end
+
+        channel.on_process do |ch|
+          data = ch[:socket].read(8192)
+          if data
+            ch.debug { "read #{data.length} bytes from client, sending over #{type} forwarded connection" }
+            ch.send_data(data)
+          end
+        end
+      end
+
       # The callback used when a new "forwarded-tcpip" channel is requested
       # by the server.  This will open a new socket to the host/port specified
       # when the forwarded connection was first requested.
@@ -287,7 +318,11 @@ module Net; module SSH; module Service
 
         begin
           agent = Authentication::Agent.connect(logger)
-          prepare_client(agent.socket, channel, :agent)
+          if (agent.socket.is_a? ::IO)
+            prepare_client(agent.socket, channel, :agent)
+          else
+            prepare_simple_client(agent.socket, channel, :agent)
+          end
         rescue Exception => e
           error { "attempted to connect to agent but failed: #{e.class.name} (#{e.message})" }
           raise Net::SSH::ChannelOpenFailed.new(2, "could not connect to authentication agent")

data/lib/net/ssh/transport/session.rb

@@ -64,7 +64,13 @@ module Net; module SSH; module Transport
 
       debug { "establishing connection to #{@host}:#{@port}" }
       factory = options[:proxy] || TCPSocket
-      @socket = timeout(options[:timeout] || 0) { @bind_address.nil? || options[:proxy] ? factory.open(@host, @port) : factory.open(@host,@port,@bind_address) }
+      @socket = timeout(options[:timeout] || 0) {
+        case
+        when options[:proxy] then factory.open(@host, @port, options)
+        when @bind_address.nil? then factory.open(@host, @port)
+        else factory.open(@host, @port, @bind_address)
+        end
+      }
       @socket.extend(PacketStream)
       @socket.logger = @logger
 

data/lib/net/ssh/version.rb

@@ -48,7 +48,7 @@ module Net; module SSH
     MAJOR = 2
 
     # The minor component of this version of the Net::SSH library
-    MINOR = 7
+    MINOR = 8
 
     # The tiny component of this version of the Net::SSH library
     TINY  = 0

data/net-ssh.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = "net-ssh"
-  s.version = "2.7.0"
+  s.version = "2.8.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Jamis Buck", "Delano Mandelbaum"]
-  s.date = "2013-09-11"
+  s.date = "2014-02-01"
   s.description = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2."
   s.email = "net-ssh@solutious.com"
   s.extra_rdoc_files = [
@@ -120,6 +120,9 @@ Gem::Specification.new do |s|
     "test/authentication/test_key_manager.rb",
     "test/authentication/test_session.rb",
     "test/common.rb",
+    "test/configs/auth_off",
+    "test/configs/auth_on",
+    "test/configs/empty",
     "test/configs/eqsign",
     "test/configs/exact_match",
     "test/configs/host_plus",
@@ -133,6 +136,7 @@ Gem::Specification.new do |s|
     "test/connection/test_session.rb",
     "test/known_hosts/github",
     "test/manual/test_forward.rb",
+    "test/start/test_connection.rb",
     "test/start/test_options.rb",
     "test/start/test_transport.rb",
     "test/test_all.rb",
@@ -171,7 +175,7 @@ Gem::Specification.new do |s|
   s.licenses = ["MIT"]
   s.require_paths = ["lib"]
   s.rubyforge_project = "net-ssh"
-  s.rubygems_version = "1.8.25"
+  s.rubygems_version = "1.8.23"
   s.summary = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol."
 
   if s.respond_to? :specification_version then

data/test/authentication/test_agent.rb

@@ -43,7 +43,7 @@ module Authentication
         assert_equal Net::SSH::Transport::ServerVersion::PROTO_VERSION, buffer.read_string
         s.return(SSH2_AGENT_VERSION_RESPONSE)
       end
-      assert_raises(NotImplementedError) { agent.negotiate! }
+      assert_raises(Net::SSH::Authentication::AgentNotAvailable) { agent.negotiate! }
     end
 
     def test_negotiate_should_raise_error_if_response_was_unexpected
@@ -51,7 +51,7 @@ module Authentication
         assert_equal SSH2_AGENT_REQUEST_VERSION, type
         s.return(255)
       end
-      assert_raises(Net::SSH::Authentication::AgentError) { agent.negotiate! }
+      assert_raises(Net::SSH::Authentication::AgentNotAvailable) { agent.negotiate! }
     end
 
     def test_negotiate_should_be_successful_with_expected_response
@@ -65,7 +65,7 @@ module Authentication
     def test_identities_should_fail_if_SSH_AGENT_FAILURE_recieved
       socket.expect do |s, type, buffer|
         assert_equal SSH2_AGENT_REQUEST_IDENTITIES, type
-        s.return(SSH_AGENT_FAILURE) 
+        s.return(SSH_AGENT_FAILURE)
       end
       assert_raises(Net::SSH::Authentication::AgentError) { agent.identities }
     end
@@ -73,7 +73,7 @@ module Authentication
     def test_identities_should_fail_if_SSH2_AGENT_FAILURE_recieved
       socket.expect do |s, type, buffer|
         assert_equal SSH2_AGENT_REQUEST_IDENTITIES, type
-        s.return(SSH2_AGENT_FAILURE) 
+        s.return(SSH2_AGENT_FAILURE)
       end
       assert_raises(Net::SSH::Authentication::AgentError) { agent.identities }
     end
@@ -81,7 +81,7 @@ module Authentication
     def test_identities_should_fail_if_SSH_COM_AGENT2_FAILURE_recieved
       socket.expect do |s, type, buffer|
         assert_equal SSH2_AGENT_REQUEST_IDENTITIES, type
-        s.return(SSH_COM_AGENT2_FAILURE) 
+        s.return(SSH_COM_AGENT2_FAILURE)
       end
       assert_raises(Net::SSH::Authentication::AgentError) { agent.identities }
     end
@@ -202,4 +202,4 @@ module Authentication
 
   end
 
-end
+end

data/test/authentication/test_key_manager.rb

@@ -18,7 +18,7 @@ module Authentication
       manager.add "/second"
       manager.add "/third"
       manager.add "/second"
-      assert_true manager.key_files.length == 3
+      assert_equal 3, manager.key_files.length
       final_files = manager.key_files.map {|item| item.split('/').last}
       assert_equal %w(first second third), final_files
     end
@@ -30,12 +30,16 @@ module Authentication
       assert !manager.use_agent?
     end
 
+    def test_use_agent_is_false_if_keys_only
+      assert !manager(:keys_only => true).use_agent?
+    end
+
     def test_each_identity_should_load_from_key_files
       manager.stubs(:agent).returns(nil)
       first = File.expand_path("/first")
       second = File.expand_path("/second")
       stub_file_private_key first, rsa
-      stub_file_private_key second, dsa      
+      stub_file_private_key second, dsa
 
       identities = []
       manager.each_identity { |identity| identities << identity }
@@ -43,7 +47,7 @@ module Authentication
       assert_equal 2, identities.length
       assert_equal rsa.to_blob, identities.first.to_blob
       assert_equal dsa.to_blob, identities.last.to_blob
-      
+
       assert_equal({:from => :file, :file => first, :key => rsa}, manager.known_identities[rsa])
       assert_equal({:from => :file, :file => second, :key => dsa}, manager.known_identities[dsa])
     end

data/test/authentication/test_session.rb

@@ -8,7 +8,7 @@ module Authentication
     include Net::SSH::Authentication::Constants
 
     def test_constructor_should_set_defaults
-      assert_equal %w(none publickey hostbased password keyboard-interactive), session.auth_methods
+      assert_equal %w(none publickey password keyboard-interactive), session.auth_methods
       assert_equal session.auth_methods, session.allowed_auth_methods
     end
 
@@ -20,7 +20,7 @@ module Authentication
       end
 
       Net::SSH::Authentication::Methods::Publickey.any_instance.expects(:authenticate).with("next service", "username", "password").raises(Net::SSH::Authentication::DisallowedMethod)
-      Net::SSH::Authentication::Methods::Hostbased.any_instance.expects(:authenticate).with("next service", "username", "password").returns(true)
+      Net::SSH::Authentication::Methods::Password.any_instance.expects(:authenticate).with("next service", "username", "password").returns(true)
       Net::SSH::Authentication::Methods::None.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
 
       assert session.authenticate("next service", "username", "password")
@@ -44,7 +44,6 @@ module Authentication
       end
 
       Net::SSH::Authentication::Methods::Publickey.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
-      Net::SSH::Authentication::Methods::Hostbased.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
       Net::SSH::Authentication::Methods::Password.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
       Net::SSH::Authentication::Methods::KeyboardInteractive.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)
       Net::SSH::Authentication::Methods::None.any_instance.expects(:authenticate).with("next service", "username", "password").returns(false)

data/test/configs/auth_off

@@ -0,0 +1,4 @@
+HostBasedAuthentication no
+PasswordAuthentication no
+PubKeyAuthentication no
+ChallengeResponseAuthentication no

data/test/configs/auth_on

@@ -0,0 +1,4 @@
+HostBasedAuthentication yes
+PasswordAuthentication yes
+PubKeyAuthentication yes
+ChallengeResponseAuthentication yes

data/test/manual/test_forward.rb

@@ -1,4 +1,4 @@
-#     $ ruby -Ilib -Itest -rrubygems test/test_forward.rb
+#     $ ruby -Ilib -Itest -rrubygems test/manual/test_forward.rb
 
 # Tests for the following patch:
 #
@@ -30,14 +30,6 @@ class TestForward < Test::Unit::TestCase
     [localhost ,ENV['USER'], {:keys => "~/.ssh/id_rsa", :verbose => :debug}]
   end
   
-  def find_free_port 
-    server = TCPServer.open(0)
-    server.setsockopt(Socket::SOL_SOCKET,Socket::SO_REUSEADDR,true)
-    port = server.addr[1]
-    server.close
-    port
-  end
-  
   def start_server_sending_lot_of_data(exceptions)
     server = TCPServer.open(0)
     Thread.start do
@@ -77,12 +69,34 @@ class TestForward < Test::Unit::TestCase
     return server
   end
   
+  def test_local_ephemeral_port_should_work_correctly
+    session = Net::SSH.start(*ssh_start_params)
+    
+    assert_nothing_raised do
+      assigned_port = session.forward.local(0, localhost, 22)
+      assert_not_nil assigned_port
+      assert_operator assigned_port, :>, 0
+    end
+  end
+  
+  def test_remote_ephemeral_port_should_work_correctly
+    session = Net::SSH.start(*ssh_start_params)
+    
+    assert_nothing_raised do
+      session.forward.remote(22, localhost, 0, localhost)
+      session.loop { !(session.forward.active_remotes.length > 0) }
+      assigned_port = session.forward.active_remotes.first[0]
+      assert_not_nil assigned_port
+      assert_operator assigned_port, :>, 0
+    end
+  end
+  
   def test_loop_should_not_abort_when_local_side_of_forward_is_closed
     session = Net::SSH.start(*ssh_start_params) 
     server_exc = Queue.new
     server = start_server_sending_lot_of_data(server_exc)
     remote_port = server.addr[1]
-    local_port = find_free_port
+    local_port = 0 # request ephemeral port
     session.forward.local(local_port, localhost, remote_port)
     client_done = Queue.new
     Thread.start do
@@ -104,7 +118,7 @@ class TestForward < Test::Unit::TestCase
     server_exc = Queue.new    
     server = start_server_sending_lot_of_data(server_exc)
     remote_port = server.addr[1]
-    local_port = find_free_port
+    local_port = 0 # request ephemeral port
     session.forward.local(local_port, localhost, remote_port)
     client_done = Queue.new
     Thread.start do
@@ -163,7 +177,7 @@ class TestForward < Test::Unit::TestCase
     session = Net::SSH.start(*ssh_start_params)    
     server = start_server_closing_soon
     remote_port = server.addr[1]
-    local_port = find_free_port
+    local_port = 0 # request ephemeral port
     session.forward.local(local_port, localhost, remote_port)
     client_done = Queue.new
     Thread.start do
@@ -203,8 +217,7 @@ class TestForward < Test::Unit::TestCase
     client_exception = Queue.new
     client_data = Queue.new
     remote_port = server.addr[1]
-    local_port = find_free_port
-    session.forward.local(local_port, localhost, remote_port)
+    local_port = session.forward.local(0, localhost, remote_port)
     Thread.start do
       begin
         client = TCPSocket.new(localhost, local_port)

data/test/start/test_connection.rb

@@ -0,0 +1,53 @@
+require 'common'
+require 'net/ssh'
+
+module NetSSH
+  class TestConnection < Test::Unit::TestCase
+    attr_reader :connection_session
+    
+    def setup
+      authentication_session = mock('authentication_session')
+      authentication_session.stubs(:authenticate).returns(true)
+      Net::SSH::Authentication::Session.stubs(:new).returns(authentication_session)
+      Net::SSH::Transport::Session.stubs(:new).returns(mock('transport_session'))
+      @connection_session = mock('connection_session')
+      Net::SSH::Connection::Session.expects(:new => connection_session)
+    end
+    
+    def test_close_connection_on_exception
+      @connection_session.expects(:closed?).returns(false)
+      @connection_session.expects(:close).once
+      
+      begin
+        Net::SSH.start('localhost', 'testuser') { raise "error" }
+      rescue RuntimeError
+        # We aren't interested in the exception
+      end
+    end
+
+    def test_close_connection_on_exception_only_if_still_open
+      conn_open = states('conn').starts_as(true)
+      @connection_session.expects(:close).then(conn_open.is(false)).once
+      @connection_session.expects(:closed?).when(conn_open.is(false)).returns(true)
+      
+      begin
+        Net::SSH.start('localhost', 'testuser') do |ssh|
+          ssh.close
+          raise "error"
+        end
+      rescue RuntimeError
+        # We aren't interested in the exception
+      end
+    end
+    
+    def test_return_value_is_returned
+      @connection_session.expects(:closed?).returns(false)
+      @connection_session.expects(:close).once
+      
+      val = 1
+      retval = Net::SSH.start('localhost', 'testuser') { val }
+      assert_equal(val, retval)
+    end
+  end
+end
+

data/test/test_config.rb

@@ -97,7 +97,7 @@ class TestConfig < Test::Unit::TestCase
     assert_equal 6,         net_ssh[:compression_level]
     assert_equal 100,       net_ssh[:timeout]
     assert_equal true,      net_ssh[:forward_agent]
-    assert_equal %w(hostbased password publickey), net_ssh[:auth_methods].sort
+    assert_equal %w(hostbased keyboard-interactive none password publickey), net_ssh[:auth_methods].sort
     assert_equal %w(d e f), net_ssh[:host_key]
     assert_equal %w(g h i), net_ssh[:keys]
     assert_equal %w(j k l), net_ssh[:hmac]
@@ -106,6 +106,42 @@ class TestConfig < Test::Unit::TestCase
     assert_equal "127.0.0.1", net_ssh[:bind_address]
     assert_equal [/^LC_.*$/], net_ssh[:send_env]
   end
+
+  def test_translate_should_turn_off_authentication_methods
+    open_ssh = {
+      'hostbasedauthentication'         => false,
+      'passwordauthentication'          => false,
+      'pubkeyauthentication'            => false,
+      'challengeresponseauthentication' => false
+    }
+
+    net_ssh = Net::SSH::Config.translate(open_ssh)
+
+    assert_equal %w(none), net_ssh[:auth_methods].sort
+  end
+
+  def test_translate_should_turn_on_authentication_methods
+    open_ssh = {
+      'hostbasedauthentication'         => true,
+      'passwordauthentication'          => true,
+      'pubkeyauthentication'            => true,
+      'challengeresponseauthentication' => true
+    }
+
+    net_ssh = Net::SSH::Config.translate(open_ssh)
+
+    assert_equal %w(hostbased keyboard-interactive none password publickey), net_ssh[:auth_methods].sort
+  end
+
+  def test_for_should_turn_off_authentication_methods
+    config = Net::SSH::Config.for("test.host", [config(:empty), config(:auth_off), config(:auth_on)])
+    assert_equal %w(none), config[:auth_methods].sort
+  end
+
+  def test_for_should_turn_on_authentication_methods
+    config = Net::SSH::Config.for("test.host", [config(:empty), config(:auth_on), config(:auth_off)])
+    assert_equal %w(hostbased keyboard-interactive none password publickey), config[:auth_methods].sort
+  end
   
   def test_load_with_plus_sign_hosts
     config = Net::SSH::Config.load(config(:host_plus), "test.host")

data/test/test_key_factory.rb

@@ -65,6 +65,20 @@ class TestKeyFactory < Test::Unit::TestCase
     assert_equal rsa_key.to_blob, Net::SSH::KeyFactory.load_public_key(@key_file).to_blob
   end
 
+  def test_load_public_rsa_key_with_comment_should_return_key
+    File.expects(:read).with(@key_file).returns(public(rsa_key) + " key_comment")
+    assert_equal rsa_key.to_blob, Net::SSH::KeyFactory.load_public_key(@key_file).to_blob
+  end
+
+  def test_load_public_rsa_key_with_options_should_return_key
+    File.expects(:read).with(@key_file).returns(public(rsa_key, 'environment="FOO=bar"'))
+    assert_equal rsa_key.to_blob, Net::SSH::KeyFactory.load_public_key(@key_file).to_blob
+  end
+
+  def test_load_public_rsa_key_with_options_and_comment_should_return_key
+    File.expects(:read).with(@key_file).returns(public(rsa_key, 'environment="FOO=bar"')  + " key_comment")
+    assert_equal rsa_key.to_blob, Net::SSH::KeyFactory.load_public_key(@key_file).to_blob
+  end
   if defined?(OpenSSL::PKey::EC)
     def test_load_unencrypted_private_ecdsa_sha2_nistp256_key_should_return_key
       File.expects(:read).with("/key-file").returns(ecdsa_sha2_nistp256_key.to_pem)
@@ -165,8 +179,12 @@ WEKt5v3QsUEgVrzkM4K9UbI=
       key.export(OpenSSL::Cipher::Cipher.new("des-ede3-cbc"), password)
     end
 
-    def public(key)
-      result = "#{key.ssh_type} "
+    def public(key, args = nil)
+      result = ""
+      if !args.nil?
+        result << "#{args} "
+      end
+      result << "#{key.ssh_type} "
       result << [Net::SSH::Buffer.from(:key, key).to_s].pack("m*").strip.tr("\n\r\t ", "")
       result << " joe@host.test"
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-  version: 2.7.0
+  version: 2.8.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-09-11 00:00:00.000000000 Z
+date: 2014-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: test-unit
@@ -157,6 +157,9 @@ files:
 - test/authentication/test_key_manager.rb
 - test/authentication/test_session.rb
 - test/common.rb
+- test/configs/auth_off
+- test/configs/auth_on
+- test/configs/empty
 - test/configs/eqsign
 - test/configs/exact_match
 - test/configs/host_plus
@@ -170,6 +173,7 @@ files:
 - test/connection/test_session.rb
 - test/known_hosts/github
 - test/manual/test_forward.rb
+- test/start/test_connection.rb
 - test/start/test_options.rb
 - test/start/test_transport.rb
 - test/test_all.rb
@@ -224,7 +228,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: net-ssh
-rubygems_version: 1.8.25
+rubygems_version: 1.8.23
 signing_key: 
 specification_version: 3
 summary: ! 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'