poolparty 1.3.4 → 1.3.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Rakefile +2 -2
- data/VERSION.yml +1 -1
- data/bin/cloud-bootstrap +1 -0
- data/bin/cloud-configure +1 -0
- data/bin/cloud-contract +1 -0
- data/bin/cloud-misc +34 -0
- data/bin/cloud-setup +36 -0
- data/bin/cloud-ssh +4 -1
- data/config/jeweler.rb +4 -3
- data/examples/monitored_cloud.rb +1 -1
- data/examples/thrift/thrift_example.rb +5 -3
- data/examples/vmware.rb +28 -0
- data/lib/cloud_providers/cloud_provider_instance.rb +14 -5
- data/lib/cloud_providers/connections.rb +1 -1
- data/lib/core/file.rb +12 -0
- data/lib/core/object.rb +2 -2
- data/lib/dependency_resolvers/base.rb +1 -1
- data/lib/dependency_resolvers/chef.rb +9 -7
- data/lib/dependency_resolvers/proxy_object.rb +11 -3
- data/lib/mixins/askable.rb +16 -7
- data/lib/poolparty/base.rb +8 -7
- data/lib/poolparty/cloud.rb +77 -7
- data/lib/poolparty/default.rb +1 -0
- data/lib/poolparty/installer.rb +8 -4
- data/lib/poolparty/installers/ec2.rb +75 -5
- data/lib/poolparty/installers/vmware.rb +17 -5
- data/lib/poolparty/plugin.rb +1 -5
- data/lib/poolparty/plugins/apache.rb +10 -7
- data/lib/poolparty/plugins/apache2/base.conf.erb +2 -2
- data/lib/poolparty/plugins/apache2/browser_fixes.conf.erb +1 -1
- data/lib/poolparty/plugins/apache2/passenger_site.rb +2 -2
- data/lib/poolparty/plugins/collectd/templates/collectd.conf.erb +369 -0
- data/lib/poolparty/plugins/collectd.rb +24 -0
- data/lib/poolparty/plugins/hermes.rb +89 -0
- data/lib/poolparty/pool.rb +33 -3
- data/lib/poolparty/resource.rb +32 -18
- data/lib/poolparty/resources/directory.rb +5 -1
- data/lib/poolparty/resources/exec.rb +2 -2
- data/lib/poolparty/resources/file.rb +8 -2
- data/lib/poolparty/resources/gem_package.rb +2 -2
- data/lib/poolparty/resources/line.rb +23 -6
- data/lib/poolparty/resources/mount.rb +2 -2
- data/lib/poolparty/resources/package.rb +2 -2
- data/lib/poolparty/resources/service.rb +2 -2
- data/lib/poolparty/resources/user.rb +2 -2
- data/lib/poolparty/resources/variable.rb +4 -3
- data/lib/poolparty.rb +5 -3
- data/lib/proto/command_interface_handler.rb +17 -1
- data/lib/proto/gen-py/cloudthrift/CommandInterface.pyc +0 -0
- data/lib/proto/gen-py/cloudthrift/__init__.pyc +0 -0
- data/lib/proto/gen-py/cloudthrift/constants.pyc +0 -0
- data/lib/proto/gen-py/cloudthrift/ttypes.pyc +0 -0
- data/lib/proto/gen-py/thrift/Thrift.pyc +0 -0
- data/lib/proto/gen-py/thrift/__init__.pyc +0 -0
- data/lib/proto/gen-py/thrift/protocol/TBinaryProtocol.pyc +0 -0
- data/lib/proto/gen-py/thrift/protocol/TProtocol.pyc +0 -0
- data/lib/proto/gen-py/thrift/protocol/__init__.pyc +0 -0
- data/lib/proto/gen-py/thrift/transport/TSocket.pyc +0 -0
- data/lib/proto/gen-py/thrift/transport/TTransport.pyc +0 -0
- data/lib/proto/gen-py/thrift/transport/__init__.pyc +0 -0
- data/test/lib/dependency_resolvers/chef_test.rb +92 -100
- data/test/lib/poolparty/base_test.rb +13 -0
- data/test/lib/poolparty/cloud_test.rb +50 -2
- data/test/lib/poolparty/monitor_test.rb +2 -2
- data/test/lib/poolparty/resource_test.rb +5 -0
- data/test/lib/poolparty/resources/line_test.rb +3 -3
- data/test/lib/poolparty/resources/service_test.rb +1 -1
- data/test/lib/poolparty/resources/variable_test.rb +33 -10
- data/vendor/gems/net-ssh/CHANGELOG.rdoc +127 -0
- data/vendor/gems/net-ssh/Manifest +104 -0
- data/vendor/gems/net-ssh/README.rdoc +110 -0
- data/vendor/gems/net-ssh/Rakefile +26 -0
- data/vendor/gems/net-ssh/THANKS.rdoc +16 -0
- data/vendor/gems/net-ssh/lib/net/ssh/authentication/agent.rb +176 -0
- data/vendor/gems/net-ssh/lib/net/ssh/authentication/constants.rb +18 -0
- data/vendor/gems/net-ssh/lib/net/ssh/authentication/key_manager.rb +193 -0
- data/vendor/gems/net-ssh/lib/net/ssh/authentication/methods/abstract.rb +60 -0
- data/vendor/gems/net-ssh/lib/net/ssh/authentication/methods/hostbased.rb +71 -0
- data/vendor/gems/net-ssh/lib/net/ssh/authentication/methods/keyboard_interactive.rb +66 -0
- data/vendor/gems/net-ssh/lib/net/ssh/authentication/methods/password.rb +39 -0
- data/vendor/gems/net-ssh/lib/net/ssh/authentication/methods/publickey.rb +92 -0
- data/vendor/gems/net-ssh/lib/net/ssh/authentication/pageant.rb +183 -0
- data/vendor/gems/net-ssh/lib/net/ssh/authentication/session.rb +134 -0
- data/vendor/gems/net-ssh/lib/net/ssh/buffer.rb +340 -0
- data/vendor/gems/net-ssh/lib/net/ssh/buffered_io.rb +149 -0
- data/vendor/gems/net-ssh/lib/net/ssh/config.rb +181 -0
- data/vendor/gems/net-ssh/lib/net/ssh/connection/channel.rb +625 -0
- data/vendor/gems/net-ssh/lib/net/ssh/connection/constants.rb +33 -0
- data/vendor/gems/net-ssh/lib/net/ssh/connection/session.rb +596 -0
- data/vendor/gems/net-ssh/lib/net/ssh/connection/term.rb +178 -0
- data/vendor/gems/net-ssh/lib/net/ssh/errors.rb +85 -0
- data/vendor/gems/net-ssh/lib/net/ssh/key_factory.rb +102 -0
- data/vendor/gems/net-ssh/lib/net/ssh/known_hosts.rb +129 -0
- data/vendor/gems/net-ssh/lib/net/ssh/loggable.rb +61 -0
- data/vendor/gems/net-ssh/lib/net/ssh/packet.rb +102 -0
- data/vendor/gems/net-ssh/lib/net/ssh/prompt.rb +93 -0
- data/vendor/gems/net-ssh/lib/net/ssh/proxy/errors.rb +14 -0
- data/vendor/gems/net-ssh/lib/net/ssh/proxy/http.rb +94 -0
- data/vendor/gems/net-ssh/lib/net/ssh/proxy/socks4.rb +70 -0
- data/vendor/gems/net-ssh/lib/net/ssh/proxy/socks5.rb +129 -0
- data/vendor/gems/net-ssh/lib/net/ssh/ruby_compat.rb +7 -0
- data/vendor/gems/net-ssh/lib/net/ssh/service/forward.rb +267 -0
- data/vendor/gems/net-ssh/lib/net/ssh/test/channel.rb +129 -0
- data/vendor/gems/net-ssh/lib/net/ssh/test/extensions.rb +152 -0
- data/vendor/gems/net-ssh/lib/net/ssh/test/kex.rb +44 -0
- data/vendor/gems/net-ssh/lib/net/ssh/test/local_packet.rb +51 -0
- data/vendor/gems/net-ssh/lib/net/ssh/test/packet.rb +81 -0
- data/vendor/gems/net-ssh/lib/net/ssh/test/remote_packet.rb +38 -0
- data/vendor/gems/net-ssh/lib/net/ssh/test/script.rb +157 -0
- data/vendor/gems/net-ssh/lib/net/ssh/test/socket.rb +59 -0
- data/vendor/gems/net-ssh/lib/net/ssh/test.rb +89 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/algorithms.rb +384 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/cipher_factory.rb +80 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/constants.rb +30 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac/abstract.rb +78 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac/md5.rb +12 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac/md5_96.rb +11 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac/none.rb +15 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac/sha1.rb +13 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac/sha1_96.rb +11 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/hmac.rb +31 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/identity_cipher.rb +55 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +208 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +77 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/kex.rb +13 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/openssl.rb +128 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/packet_stream.rb +230 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/server_version.rb +60 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/session.rb +276 -0
- data/vendor/gems/net-ssh/lib/net/ssh/transport/state.rb +201 -0
- data/vendor/gems/net-ssh/lib/net/ssh/verifiers/lenient.rb +30 -0
- data/vendor/gems/net-ssh/lib/net/ssh/verifiers/null.rb +12 -0
- data/vendor/gems/net-ssh/lib/net/ssh/verifiers/strict.rb +53 -0
- data/vendor/gems/net-ssh/lib/net/ssh/version.rb +62 -0
- data/vendor/gems/net-ssh/lib/net/ssh.rb +215 -0
- data/vendor/gems/net-ssh/net-ssh.gemspec +33 -0
- data/vendor/gems/net-ssh/setup.rb +1585 -0
- data/vendor/gems/net-ssh/test/authentication/methods/common.rb +28 -0
- data/vendor/gems/net-ssh/test/authentication/methods/test_abstract.rb +51 -0
- data/vendor/gems/net-ssh/test/authentication/methods/test_hostbased.rb +114 -0
- data/vendor/gems/net-ssh/test/authentication/methods/test_keyboard_interactive.rb +98 -0
- data/vendor/gems/net-ssh/test/authentication/methods/test_password.rb +50 -0
- data/vendor/gems/net-ssh/test/authentication/methods/test_publickey.rb +127 -0
- data/vendor/gems/net-ssh/test/authentication/test_agent.rb +205 -0
- data/vendor/gems/net-ssh/test/authentication/test_key_manager.rb +105 -0
- data/vendor/gems/net-ssh/test/authentication/test_session.rb +93 -0
- data/vendor/gems/net-ssh/test/common.rb +106 -0
- data/vendor/gems/net-ssh/test/configs/eqsign +3 -0
- data/vendor/gems/net-ssh/test/configs/exact_match +8 -0
- data/vendor/gems/net-ssh/test/configs/wild_cards +14 -0
- data/vendor/gems/net-ssh/test/connection/test_channel.rb +452 -0
- data/vendor/gems/net-ssh/test/connection/test_session.rb +488 -0
- data/vendor/gems/net-ssh/test/test_all.rb +6 -0
- data/vendor/gems/net-ssh/test/test_buffer.rb +336 -0
- data/vendor/gems/net-ssh/test/test_buffered_io.rb +63 -0
- data/vendor/gems/net-ssh/test/test_config.rb +84 -0
- data/vendor/gems/net-ssh/test/test_key_factory.rb +67 -0
- data/vendor/gems/net-ssh/test/transport/hmac/test_md5.rb +39 -0
- data/vendor/gems/net-ssh/test/transport/hmac/test_md5_96.rb +25 -0
- data/vendor/gems/net-ssh/test/transport/hmac/test_none.rb +34 -0
- data/vendor/gems/net-ssh/test/transport/hmac/test_sha1.rb +34 -0
- data/vendor/gems/net-ssh/test/transport/hmac/test_sha1_96.rb +25 -0
- data/vendor/gems/net-ssh/test/transport/kex/test_diffie_hellman_group1_sha1.rb +146 -0
- data/vendor/gems/net-ssh/test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb +92 -0
- data/vendor/gems/net-ssh/test/transport/test_algorithms.rb +302 -0
- data/vendor/gems/net-ssh/test/transport/test_cipher_factory.rb +171 -0
- data/vendor/gems/net-ssh/test/transport/test_hmac.rb +34 -0
- data/vendor/gems/net-ssh/test/transport/test_identity_cipher.rb +40 -0
- data/vendor/gems/net-ssh/test/transport/test_packet_stream.rb +435 -0
- data/vendor/gems/net-ssh/test/transport/test_server_version.rb +57 -0
- data/vendor/gems/net-ssh/test/transport/test_session.rb +315 -0
- data/vendor/gems/net-ssh/test/transport/test_state.rb +173 -0
- metadata +116 -4
- data/bin/install-poolparty +0 -20
|
@@ -0,0 +1,78 @@
|
|
|
1
|
+
require 'openssl'
|
|
2
|
+
|
|
3
|
+
module Net; module SSH; module Transport; module HMAC
|
|
4
|
+
|
|
5
|
+
# The base class of all OpenSSL-based HMAC algorithm wrappers.
|
|
6
|
+
class Abstract
|
|
7
|
+
|
|
8
|
+
class <<self
|
|
9
|
+
def key_length(*v)
|
|
10
|
+
@key_length = nil if !defined?(@key_length)
|
|
11
|
+
if v.empty?
|
|
12
|
+
@key_length = superclass.key_length if @key_length.nil? && superclass.respond_to?(:key_length)
|
|
13
|
+
return @key_length
|
|
14
|
+
elsif v.length == 1
|
|
15
|
+
@key_length = v.first
|
|
16
|
+
else
|
|
17
|
+
raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def mac_length(*v)
|
|
22
|
+
@mac_length = nil if !defined?(@mac_length)
|
|
23
|
+
if v.empty?
|
|
24
|
+
@mac_length = superclass.mac_length if @mac_length.nil? && superclass.respond_to?(:mac_length)
|
|
25
|
+
return @mac_length
|
|
26
|
+
elsif v.length == 1
|
|
27
|
+
@mac_length = v.first
|
|
28
|
+
else
|
|
29
|
+
raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def digest_class(*v)
|
|
34
|
+
@digest_class = nil if !defined?(@digest_class)
|
|
35
|
+
if v.empty?
|
|
36
|
+
@digest_class = superclass.digest_class if @digest_class.nil? && superclass.respond_to?(:digest_class)
|
|
37
|
+
return @digest_class
|
|
38
|
+
elsif v.length == 1
|
|
39
|
+
@digest_class = v.first
|
|
40
|
+
else
|
|
41
|
+
raise ArgumentError, "wrong number of arguments (#{v.length} for 1)"
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def key_length
|
|
47
|
+
self.class.key_length
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def mac_length
|
|
51
|
+
self.class.mac_length
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
def digest_class
|
|
55
|
+
self.class.digest_class
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
# The key in use for this instance.
|
|
59
|
+
attr_reader :key
|
|
60
|
+
|
|
61
|
+
def initialize(key=nil)
|
|
62
|
+
self.key = key
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
# Sets the key to the given value, truncating it so that it is the correct
|
|
66
|
+
# length.
|
|
67
|
+
def key=(value)
|
|
68
|
+
@key = value ? value.to_s[0,key_length] : nil
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
# Compute the HMAC digest for the given data string.
|
|
72
|
+
def digest(data)
|
|
73
|
+
OpenSSL::HMAC.digest(digest_class.new, key, data)[0,mac_length]
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
end; end; end; end
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
require 'net/ssh/transport/hmac/abstract'
|
|
2
|
+
|
|
3
|
+
module Net::SSH::Transport::HMAC
|
|
4
|
+
|
|
5
|
+
# The SHA1 HMAC algorithm. This has a mac and key length of 20, and
|
|
6
|
+
# uses the SHA1 digest algorithm.
|
|
7
|
+
class SHA1 < Abstract
|
|
8
|
+
mac_length 20
|
|
9
|
+
key_length 20
|
|
10
|
+
digest_class OpenSSL::Digest::SHA1
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
end
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
require 'net/ssh/transport/hmac/md5'
|
|
2
|
+
require 'net/ssh/transport/hmac/md5_96'
|
|
3
|
+
require 'net/ssh/transport/hmac/sha1'
|
|
4
|
+
require 'net/ssh/transport/hmac/sha1_96'
|
|
5
|
+
require 'net/ssh/transport/hmac/none'
|
|
6
|
+
|
|
7
|
+
# Implements a simple factory interface for fetching hmac implementations, or
|
|
8
|
+
# for finding the key lengths for hmac implementations.s
|
|
9
|
+
module Net::SSH::Transport::HMAC
|
|
10
|
+
# The mapping of SSH hmac algorithms to their implementations
|
|
11
|
+
MAP = {
|
|
12
|
+
'hmac-md5' => MD5,
|
|
13
|
+
'hmac-md5-96' => MD5_96,
|
|
14
|
+
'hmac-sha1' => SHA1,
|
|
15
|
+
'hmac-sha1-96' => SHA1_96,
|
|
16
|
+
'none' => None
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
# Retrieves a new hmac instance of the given SSH type (+name+). If +key+ is
|
|
20
|
+
# given, the new instance will be initialized with that key.
|
|
21
|
+
def self.get(name, key="")
|
|
22
|
+
impl = MAP[name] or raise ArgumentError, "hmac not found: #{name.inspect}"
|
|
23
|
+
impl.new(key)
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
# Retrieves the key length for the hmac of the given SSH type (+name+).
|
|
27
|
+
def self.key_length(name)
|
|
28
|
+
impl = MAP[name] or raise ArgumentError, "hmac not found: #{name.inspect}"
|
|
29
|
+
impl.key_length
|
|
30
|
+
end
|
|
31
|
+
end
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
module Net; module SSH; module Transport
|
|
2
|
+
|
|
3
|
+
# A cipher that does nothing but pass the data through, unchanged. This
|
|
4
|
+
# keeps things in the code nice and clean when a cipher has not yet been
|
|
5
|
+
# determined (i.e., during key exchange).
|
|
6
|
+
class IdentityCipher
|
|
7
|
+
class <<self
|
|
8
|
+
# A default block size of 8 is required by the SSH2 protocol.
|
|
9
|
+
def block_size
|
|
10
|
+
8
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
# Returns an arbitrary integer.
|
|
14
|
+
def iv_len
|
|
15
|
+
4
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
# Does nothing. Returns self.
|
|
19
|
+
def encrypt
|
|
20
|
+
self
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
# Does nothing. Returns self.
|
|
24
|
+
def decrypt
|
|
25
|
+
self
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
# Passes its single argument through unchanged.
|
|
29
|
+
def update(text)
|
|
30
|
+
text
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
# Returns the empty string.
|
|
34
|
+
def final
|
|
35
|
+
""
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
# The name of this cipher, which is "identity".
|
|
39
|
+
def name
|
|
40
|
+
"identity"
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
# Does nothing. Returns nil.
|
|
44
|
+
def iv=(v)
|
|
45
|
+
nil
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
# Does nothing. Returns self.
|
|
49
|
+
def reset
|
|
50
|
+
self
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
end; end; end
|
|
@@ -0,0 +1,208 @@
|
|
|
1
|
+
require 'net/ssh/buffer'
|
|
2
|
+
require 'net/ssh/errors'
|
|
3
|
+
require 'net/ssh/loggable'
|
|
4
|
+
require 'net/ssh/transport/openssl'
|
|
5
|
+
require 'net/ssh/transport/constants'
|
|
6
|
+
|
|
7
|
+
module Net; module SSH; module Transport; module Kex
|
|
8
|
+
|
|
9
|
+
# A key-exchange service implementing the "diffie-hellman-group1-sha1"
|
|
10
|
+
# key-exchange algorithm.
|
|
11
|
+
class DiffieHellmanGroup1SHA1
|
|
12
|
+
include Constants, Loggable
|
|
13
|
+
|
|
14
|
+
# The value of 'P', as a string, in hexadecimal
|
|
15
|
+
P_s = "FFFFFFFF" "FFFFFFFF" "C90FDAA2" "2168C234" +
|
|
16
|
+
"C4C6628B" "80DC1CD1" "29024E08" "8A67CC74" +
|
|
17
|
+
"020BBEA6" "3B139B22" "514A0879" "8E3404DD" +
|
|
18
|
+
"EF9519B3" "CD3A431B" "302B0A6D" "F25F1437" +
|
|
19
|
+
"4FE1356D" "6D51C245" "E485B576" "625E7EC6" +
|
|
20
|
+
"F44C42E9" "A637ED6B" "0BFF5CB6" "F406B7ED" +
|
|
21
|
+
"EE386BFB" "5A899FA5" "AE9F2411" "7C4B1FE6" +
|
|
22
|
+
"49286651" "ECE65381" "FFFFFFFF" "FFFFFFFF"
|
|
23
|
+
|
|
24
|
+
# The radix in which P_s represents the value of P
|
|
25
|
+
P_r = 16
|
|
26
|
+
|
|
27
|
+
# The group constant
|
|
28
|
+
G = 2
|
|
29
|
+
|
|
30
|
+
attr_reader :p
|
|
31
|
+
attr_reader :g
|
|
32
|
+
attr_reader :digester
|
|
33
|
+
attr_reader :algorithms
|
|
34
|
+
attr_reader :connection
|
|
35
|
+
attr_reader :data
|
|
36
|
+
attr_reader :dh
|
|
37
|
+
|
|
38
|
+
# Create a new instance of the DiffieHellmanGroup1SHA1 algorithm.
|
|
39
|
+
# The data is a Hash of symbols representing information
|
|
40
|
+
# required by this algorithm, which was acquired during earlier
|
|
41
|
+
# processing.
|
|
42
|
+
def initialize(algorithms, connection, data)
|
|
43
|
+
@p = OpenSSL::BN.new(P_s, P_r)
|
|
44
|
+
@g = G
|
|
45
|
+
|
|
46
|
+
@digester = OpenSSL::Digest::SHA1
|
|
47
|
+
@algorithms = algorithms
|
|
48
|
+
@connection = connection
|
|
49
|
+
|
|
50
|
+
@data = data.dup
|
|
51
|
+
@dh = generate_key
|
|
52
|
+
@logger = @data.delete(:logger)
|
|
53
|
+
end
|
|
54
|
+
|
|
55
|
+
# Perform the key-exchange for the given session, with the given
|
|
56
|
+
# data. This method will return a hash consisting of the
|
|
57
|
+
# following keys:
|
|
58
|
+
#
|
|
59
|
+
# * :session_id
|
|
60
|
+
# * :server_key
|
|
61
|
+
# * :shared_secret
|
|
62
|
+
# * :hashing_algorithm
|
|
63
|
+
#
|
|
64
|
+
# The caller is expected to be able to understand how to use these
|
|
65
|
+
# deliverables.
|
|
66
|
+
def exchange_keys
|
|
67
|
+
result = send_kexinit
|
|
68
|
+
verify_server_key(result[:server_key])
|
|
69
|
+
session_id = verify_signature(result)
|
|
70
|
+
confirm_newkeys
|
|
71
|
+
|
|
72
|
+
return { :session_id => session_id,
|
|
73
|
+
:server_key => result[:server_key],
|
|
74
|
+
:shared_secret => result[:shared_secret],
|
|
75
|
+
:hashing_algorithm => digester }
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
private
|
|
79
|
+
|
|
80
|
+
# Returns the DH key parameters for the current connection.
|
|
81
|
+
def get_parameters
|
|
82
|
+
[p, g]
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
# Returns the INIT/REPLY constants used by this algorithm.
|
|
86
|
+
def get_message_types
|
|
87
|
+
[KEXDH_INIT, KEXDH_REPLY]
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
# Build the signature buffer to use when verifying a signature from
|
|
91
|
+
# the server.
|
|
92
|
+
def build_signature_buffer(result)
|
|
93
|
+
response = Net::SSH::Buffer.new
|
|
94
|
+
response.write_string data[:client_version_string],
|
|
95
|
+
data[:server_version_string],
|
|
96
|
+
data[:client_algorithm_packet],
|
|
97
|
+
data[:server_algorithm_packet],
|
|
98
|
+
result[:key_blob]
|
|
99
|
+
response.write_bignum dh.pub_key,
|
|
100
|
+
result[:server_dh_pubkey],
|
|
101
|
+
result[:shared_secret]
|
|
102
|
+
response
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
# Generate a DH key with a private key consisting of the given
|
|
106
|
+
# number of bytes.
|
|
107
|
+
def generate_key #:nodoc:
|
|
108
|
+
dh = OpenSSL::PKey::DH.new
|
|
109
|
+
|
|
110
|
+
dh.p, dh.g = get_parameters
|
|
111
|
+
dh.priv_key = OpenSSL::BN.rand(data[:need_bytes] * 8)
|
|
112
|
+
|
|
113
|
+
dh.generate_key! until dh.valid?
|
|
114
|
+
|
|
115
|
+
dh
|
|
116
|
+
end
|
|
117
|
+
|
|
118
|
+
# Send the KEXDH_INIT message, and expect the KEXDH_REPLY. Return the
|
|
119
|
+
# resulting buffer.
|
|
120
|
+
#
|
|
121
|
+
# Parse the buffer from a KEXDH_REPLY message, returning a hash of
|
|
122
|
+
# the extracted values.
|
|
123
|
+
def send_kexinit #:nodoc:
|
|
124
|
+
init, reply = get_message_types
|
|
125
|
+
|
|
126
|
+
# send the KEXDH_INIT message
|
|
127
|
+
buffer = Net::SSH::Buffer.from(:byte, init, :bignum, dh.pub_key)
|
|
128
|
+
connection.send_message(buffer)
|
|
129
|
+
|
|
130
|
+
# expect the KEXDH_REPLY message
|
|
131
|
+
buffer = connection.next_message
|
|
132
|
+
raise Net::SSH::Exception, "expected REPLY" unless buffer.type == reply
|
|
133
|
+
|
|
134
|
+
result = Hash.new
|
|
135
|
+
|
|
136
|
+
result[:key_blob] = buffer.read_string
|
|
137
|
+
result[:server_key] = Net::SSH::Buffer.new(result[:key_blob]).read_key
|
|
138
|
+
result[:server_dh_pubkey] = buffer.read_bignum
|
|
139
|
+
result[:shared_secret] = OpenSSL::BN.new(dh.compute_key(result[:server_dh_pubkey]), 2)
|
|
140
|
+
|
|
141
|
+
sig_buffer = Net::SSH::Buffer.new(buffer.read_string)
|
|
142
|
+
sig_type = sig_buffer.read_string
|
|
143
|
+
if sig_type != algorithms.host_key
|
|
144
|
+
raise Net::SSH::Exception,
|
|
145
|
+
"host key algorithm mismatch for signature " +
|
|
146
|
+
"'#{sig_type}' != '#{algorithms.host_key}'"
|
|
147
|
+
end
|
|
148
|
+
result[:server_sig] = sig_buffer.read_string
|
|
149
|
+
|
|
150
|
+
return result
|
|
151
|
+
end
|
|
152
|
+
|
|
153
|
+
# Verify that the given key is of the expected type, and that it
|
|
154
|
+
# really is the key for the session's host. Raise Net::SSH::Exception
|
|
155
|
+
# if it is not.
|
|
156
|
+
def verify_server_key(key) #:nodoc:
|
|
157
|
+
if key.ssh_type != algorithms.host_key
|
|
158
|
+
raise Net::SSH::Exception,
|
|
159
|
+
"host key algorithm mismatch " +
|
|
160
|
+
"'#{key.ssh_type}' != '#{algorithms.host_key}'"
|
|
161
|
+
end
|
|
162
|
+
|
|
163
|
+
blob, fingerprint = generate_key_fingerprint(key)
|
|
164
|
+
|
|
165
|
+
unless connection.host_key_verifier.verify(:key => key, :key_blob => blob, :fingerprint => fingerprint, :session => connection)
|
|
166
|
+
raise Net::SSH::Exception, "host key verification failed"
|
|
167
|
+
end
|
|
168
|
+
end
|
|
169
|
+
|
|
170
|
+
def generate_key_fingerprint(key)
|
|
171
|
+
blob = Net::SSH::Buffer.from(:key, key).to_s
|
|
172
|
+
fingerprint = OpenSSL::Digest::MD5.hexdigest(blob).scan(/../).join(":")
|
|
173
|
+
|
|
174
|
+
[blob, fingerprint]
|
|
175
|
+
rescue ::Exception => e
|
|
176
|
+
[nil, "(could not generate fingerprint: #{e.message})"]
|
|
177
|
+
end
|
|
178
|
+
|
|
179
|
+
# Verify the signature that was received. Raise Net::SSH::Exception
|
|
180
|
+
# if the signature could not be verified. Otherwise, return the new
|
|
181
|
+
# session-id.
|
|
182
|
+
def verify_signature(result) #:nodoc:
|
|
183
|
+
response = build_signature_buffer(result)
|
|
184
|
+
|
|
185
|
+
hash = @digester.digest(response.to_s)
|
|
186
|
+
|
|
187
|
+
unless result[:server_key].ssh_do_verify(result[:server_sig], hash)
|
|
188
|
+
raise Net::SSH::Exception, "could not verify server signature"
|
|
189
|
+
end
|
|
190
|
+
|
|
191
|
+
return hash
|
|
192
|
+
end
|
|
193
|
+
|
|
194
|
+
# Send the NEWKEYS message, and expect the NEWKEYS message in
|
|
195
|
+
# reply.
|
|
196
|
+
def confirm_newkeys #:nodoc:
|
|
197
|
+
# send own NEWKEYS message first (the wodSSHServer won't send first)
|
|
198
|
+
response = Net::SSH::Buffer.new
|
|
199
|
+
response.write_byte(NEWKEYS)
|
|
200
|
+
connection.send_message(response)
|
|
201
|
+
|
|
202
|
+
# wait for the server's NEWKEYS message
|
|
203
|
+
buffer = connection.next_message
|
|
204
|
+
raise Net::SSH::Exception, "expected NEWKEYS" unless buffer.type == NEWKEYS
|
|
205
|
+
end
|
|
206
|
+
end
|
|
207
|
+
|
|
208
|
+
end; end; end; end
|
|
@@ -0,0 +1,77 @@
|
|
|
1
|
+
require 'net/ssh/errors'
|
|
2
|
+
require 'net/ssh/transport/constants'
|
|
3
|
+
require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
|
|
4
|
+
|
|
5
|
+
module Net::SSH::Transport::Kex
|
|
6
|
+
|
|
7
|
+
# A key-exchange service implementing the
|
|
8
|
+
# "diffie-hellman-group-exchange-sha1" key-exchange algorithm.
|
|
9
|
+
class DiffieHellmanGroupExchangeSHA1 < DiffieHellmanGroup1SHA1
|
|
10
|
+
MINIMUM_BITS = 1024
|
|
11
|
+
MAXIMUM_BITS = 8192
|
|
12
|
+
|
|
13
|
+
KEXDH_GEX_GROUP = 31
|
|
14
|
+
KEXDH_GEX_INIT = 32
|
|
15
|
+
KEXDH_GEX_REPLY = 33
|
|
16
|
+
KEXDH_GEX_REQUEST = 34
|
|
17
|
+
|
|
18
|
+
private
|
|
19
|
+
|
|
20
|
+
# Compute the number of bits needed for the given number of bytes.
|
|
21
|
+
def compute_need_bits
|
|
22
|
+
need_bits = data[:need_bytes] * 8
|
|
23
|
+
if need_bits < MINIMUM_BITS
|
|
24
|
+
need_bits = MINIMUM_BITS
|
|
25
|
+
elsif need_bits > MAXIMUM_BITS
|
|
26
|
+
need_bits = MAXIMUM_BITS
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
data[:need_bits ] = need_bits
|
|
30
|
+
data[:need_bytes] = need_bits / 8
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
# Returns the DH key parameters for the given session.
|
|
34
|
+
def get_parameters
|
|
35
|
+
compute_need_bits
|
|
36
|
+
|
|
37
|
+
# request the DH key parameters for the given number of bits.
|
|
38
|
+
buffer = Net::SSH::Buffer.from(:byte, KEXDH_GEX_REQUEST, :long, MINIMUM_BITS,
|
|
39
|
+
:long, data[:need_bits], :long, MAXIMUM_BITS)
|
|
40
|
+
connection.send_message(buffer)
|
|
41
|
+
|
|
42
|
+
buffer = connection.next_message
|
|
43
|
+
unless buffer.type == KEXDH_GEX_GROUP
|
|
44
|
+
raise Net::SSH::Exception, "expected KEXDH_GEX_GROUP, got #{buffer.type}"
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
p = buffer.read_bignum
|
|
48
|
+
g = buffer.read_bignum
|
|
49
|
+
|
|
50
|
+
[p, g]
|
|
51
|
+
end
|
|
52
|
+
|
|
53
|
+
# Returns the INIT/REPLY constants used by this algorithm.
|
|
54
|
+
def get_message_types
|
|
55
|
+
[KEXDH_GEX_INIT, KEXDH_GEX_REPLY]
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
# Build the signature buffer to use when verifying a signature from
|
|
59
|
+
# the server.
|
|
60
|
+
def build_signature_buffer(result)
|
|
61
|
+
response = Net::SSH::Buffer.new
|
|
62
|
+
response.write_string data[:client_version_string],
|
|
63
|
+
data[:server_version_string],
|
|
64
|
+
data[:client_algorithm_packet],
|
|
65
|
+
data[:server_algorithm_packet],
|
|
66
|
+
result[:key_blob]
|
|
67
|
+
response.write_long MINIMUM_BITS,
|
|
68
|
+
data[:need_bits],
|
|
69
|
+
MAXIMUM_BITS
|
|
70
|
+
response.write_bignum dh.p, dh.g, dh.pub_key,
|
|
71
|
+
result[:server_dh_pubkey],
|
|
72
|
+
result[:shared_secret]
|
|
73
|
+
response
|
|
74
|
+
end
|
|
75
|
+
end
|
|
76
|
+
|
|
77
|
+
end
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
|
|
2
|
+
require 'net/ssh/transport/kex/diffie_hellman_group_exchange_sha1'
|
|
3
|
+
|
|
4
|
+
module Net::SSH::Transport
|
|
5
|
+
module Kex
|
|
6
|
+
# Maps the supported key-exchange algorithms as named by the SSH protocol
|
|
7
|
+
# to their corresponding implementors.
|
|
8
|
+
MAP = {
|
|
9
|
+
'diffie-hellman-group-exchange-sha1' => DiffieHellmanGroupExchangeSHA1,
|
|
10
|
+
'diffie-hellman-group1-sha1' => DiffieHellmanGroup1SHA1
|
|
11
|
+
}
|
|
12
|
+
end
|
|
13
|
+
end
|
|
@@ -0,0 +1,128 @@
|
|
|
1
|
+
require 'openssl'
|
|
2
|
+
require 'net/ssh/buffer'
|
|
3
|
+
|
|
4
|
+
module OpenSSL
|
|
5
|
+
|
|
6
|
+
# This class is originally defined in the OpenSSL module. As needed, methods
|
|
7
|
+
# have been added to it by the Net::SSH module for convenience in dealing with
|
|
8
|
+
# SSH functionality.
|
|
9
|
+
class BN
|
|
10
|
+
|
|
11
|
+
# Converts a BN object to a string. The format used is that which is
|
|
12
|
+
# required by the SSH2 protocol.
|
|
13
|
+
def to_ssh
|
|
14
|
+
if zero?
|
|
15
|
+
return [0].pack("N")
|
|
16
|
+
else
|
|
17
|
+
buf = to_s(2)
|
|
18
|
+
if buf.getbyte(0)[7] == 1
|
|
19
|
+
return [buf.length+1, 0, buf].pack("NCA*")
|
|
20
|
+
else
|
|
21
|
+
return [buf.length, buf].pack("NA*")
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
module PKey
|
|
29
|
+
|
|
30
|
+
class PKey
|
|
31
|
+
def fingerprint
|
|
32
|
+
@fingerprint ||= OpenSSL::Digest::MD5.hexdigest(to_blob).scan(/../).join(":")
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
# This class is originally defined in the OpenSSL module. As needed, methods
|
|
37
|
+
# have been added to it by the Net::SSH module for convenience in dealing
|
|
38
|
+
# with SSH functionality.
|
|
39
|
+
class DH
|
|
40
|
+
|
|
41
|
+
# Determines whether the pub_key for this key is valid. (This algorithm
|
|
42
|
+
# lifted more-or-less directly from OpenSSH, dh.c, dh_pub_is_valid.)
|
|
43
|
+
def valid?
|
|
44
|
+
return false if pub_key.nil? || pub_key < 0
|
|
45
|
+
bits_set = 0
|
|
46
|
+
pub_key.num_bits.times { |i| bits_set += 1 if pub_key.bit_set?(i) }
|
|
47
|
+
return ( bits_set > 1 && pub_key < p )
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
# This class is originally defined in the OpenSSL module. As needed, methods
|
|
53
|
+
# have been added to it by the Net::SSH module for convenience in dealing
|
|
54
|
+
# with SSH functionality.
|
|
55
|
+
class RSA
|
|
56
|
+
|
|
57
|
+
# Returns "ssh-rsa", which is the description of this key type used by the
|
|
58
|
+
# SSH2 protocol.
|
|
59
|
+
def ssh_type
|
|
60
|
+
"ssh-rsa"
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
# Converts the key to a blob, according to the SSH2 protocol.
|
|
64
|
+
def to_blob
|
|
65
|
+
@blob ||= Net::SSH::Buffer.from(:string, ssh_type, :bignum, e, :bignum, n).to_s
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
# Verifies the given signature matches the given data.
|
|
69
|
+
def ssh_do_verify(sig, data)
|
|
70
|
+
verify(OpenSSL::Digest::SHA1.new, sig, data)
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
# Returns the signature for the given data.
|
|
74
|
+
def ssh_do_sign(data)
|
|
75
|
+
sign(OpenSSL::Digest::SHA1.new, data)
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
# This class is originally defined in the OpenSSL module. As needed, methods
|
|
80
|
+
# have been added to it by the Net::SSH module for convenience in dealing
|
|
81
|
+
# with SSH functionality.
|
|
82
|
+
class DSA
|
|
83
|
+
|
|
84
|
+
# Returns "ssh-dss", which is the description of this key type used by the
|
|
85
|
+
# SSH2 protocol.
|
|
86
|
+
def ssh_type
|
|
87
|
+
"ssh-dss"
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
# Converts the key to a blob, according to the SSH2 protocol.
|
|
91
|
+
def to_blob
|
|
92
|
+
@blob ||= Net::SSH::Buffer.from(:string, ssh_type,
|
|
93
|
+
:bignum, p, :bignum, q, :bignum, g, :bignum, pub_key).to_s
|
|
94
|
+
end
|
|
95
|
+
|
|
96
|
+
# Verifies the given signature matches the given data.
|
|
97
|
+
def ssh_do_verify(sig, data)
|
|
98
|
+
sig_r = sig[0,20].unpack("H*")[0].to_i(16)
|
|
99
|
+
sig_s = sig[20,20].unpack("H*")[0].to_i(16)
|
|
100
|
+
a1sig = OpenSSL::ASN1::Sequence([
|
|
101
|
+
OpenSSL::ASN1::Integer(sig_r),
|
|
102
|
+
OpenSSL::ASN1::Integer(sig_s)
|
|
103
|
+
])
|
|
104
|
+
return verify(OpenSSL::Digest::DSS1.new, a1sig.to_der, data)
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
# Signs the given data.
|
|
108
|
+
def ssh_do_sign(data)
|
|
109
|
+
sig = sign( OpenSSL::Digest::DSS1.new, data)
|
|
110
|
+
a1sig = OpenSSL::ASN1.decode( sig )
|
|
111
|
+
|
|
112
|
+
sig_r = a1sig.value[0].value.to_s(2)
|
|
113
|
+
sig_s = a1sig.value[1].value.to_s(2)
|
|
114
|
+
|
|
115
|
+
if sig_r.length > 20 || sig_s.length > 20
|
|
116
|
+
raise OpenSSL::PKey::DSAError, "bad sig size"
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
sig_r = "\0" * ( 20 - sig_r.length ) + sig_r if sig_r.length < 20
|
|
120
|
+
sig_s = "\0" * ( 20 - sig_s.length ) + sig_s if sig_s.length < 20
|
|
121
|
+
|
|
122
|
+
return sig_r + sig_s
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
end
|
|
127
|
+
|
|
128
|
+
end
|