shells 0.1.23 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 79a5181a0a44f0f7f3f58fa2d8016e882e1a0a85
-  data.tar.gz: 93cac3a6699467509be0e4165fa21c91b727d77e
+  metadata.gz: 8761b43321663a64a0ff144de42cb5487e1bea10
+  data.tar.gz: 824f68405ca177cae6550bc2a54dc8c05abaec01
 SHA512:
-  metadata.gz: fd579203b87620a7d14bf40a31dbbeb5e4d4c66f13ac8b0e93fdca5b19de39c67ac63c0054359a03ed26a740aede2e624604ed017ab5270a5fdc5859098cecc9
-  data.tar.gz: 40a853476c627024cb33386434f7b3d612078ada71fd81f80d7287f767812e1e9a32daf5bba58f1d92c4663a69c90fff87f71c76c69eef4eb50e69b17ba8af85
+  metadata.gz: cccddac76cfd89fa71946057947f35456fe14f8158323c83534d14692b724315a9d1dddfa0c154c6360081d57d9c97ab753dbba1f2b04d51a5f7bab3c639304c
+  data.tar.gz: 7f09ec1b89c15ef347733bd00bdcdb09501d94fd793c2656547f028f77fd27524fb6ee1cd4fccc6f486b3b188f7543f08c34bb0bfd6dcff3903539ee20e3695b

data/README.md

@@ -5,7 +5,9 @@ It started as a secure shell to interact with SSH hosts, then it received a shel
 A natural progression had me adding a serial shell and another shell to access pfSense devices over serial.
 
 If you can't tell, it was primarily developed to interact with pfSense devices, but also tends to work well
-for interacting with other devices and hosts as well.
+for interacting with other devices and hosts as well.  With version 0.2, some changes were made to work 
+better with all sorts of shells connections.  Version 0.2 is not compatible with code written for version
+0.1.
 
 
 ## Installation
@@ -27,29 +29,25 @@ Or install it yourself as:
 
 ## Usage
 
-Any of the various "Session" classes can be used to interact with a device or host.
+Any of the various "Shell" classes can be used to interact with a device or host.
 
 ```ruby
-Shells::SshSession.new(host: 'my.device.name.or.ip', user: 'somebody', password: 'secret') do |sh|
+shell = Shells::SshBashShell.new(host: 'my.device.name.or.ip', user: 'somebody', password: 'secret')
+shell.run do |sh|
   sh.exec "cd /usr/local/bin"
   user_bin_files = sh.exec("ls -A1").split("\n")
   @app_is_installed = user_bin_files.include?("my_app")
 end
 ```
 
-Every session constructor works the same way.  The shell is connected to, the prompt is set, and then the block
-of code passed to the constructor is executed on the shell.  After the code block completes, the session is finalized
-and the shell is closed.
-
-The `Shells` module is designed to allow you to forego the `.new` as well.  So `Shells::SshSession(...)` is the same as 
-`Shells::SshSession.new(...)`.
+If you provide a block to `.new`, it will be run automatically after initializing the shell.
 
 In most cases you will be sending commands to the shell using the `.exec` method of the shell passed to the code block.
 The `.exec` method returns the output of the command and then you can process the results.  You can also request that 
 the `.exec` method retrieves the exit code from the command as well, but this will only work in some shells.
 
 ```ruby
-Shells::SshSession(host: 'my.device.name.or.ip', user: 'somebody', password: 'secret') do |sh|
+Shells::SshBashShell.new(host: 'my.device.name.or.ip', user: 'somebody', password: 'secret') do |sh|
   # By default shells do not retrieve exit codes or raise on non-zero exit codes.
   # These parameters can be set in the options list for the constructor as well to change the 
   # default behavior.

data/bin/console

@@ -7,8 +7,6 @@ require "shells"
 # with your gem easier. You can also use a different console, if you like.
 
 # (If you use this, don't forget to add pry to your Gemfile!)
-require "pry"
+require 'rb-readline'
+require 'pry'
 Pry.start
-
-# require "irb"
-# IRB.start(__FILE__)

data/bin/test-client

@@ -0,0 +1,202 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "net/ssh"
+require "io/console"
+require "thread"
+
+class TestClient
+  LINE_SEPARATOR = ('=-' * 39) + "=\n\n"
+
+  attr_accessor :host, :port, :user, :password
+
+  def initialize(options = {})
+    self.host = options[:host]
+    self.port = options[:port]
+    self.user = options[:user]
+    self.password = options[:password]
+  end
+
+
+  def run
+    show_header
+    input_config
+    run_session
+    show_footer
+  end
+
+
+  def show_header
+    STDOUT.print "Simple SSH Test Client\n"
+    STDOUT.print LINE_SEPARATOR
+  end
+
+
+  def show_footer
+    STDOUT.print LINE_SEPARATOR.strip
+    STDOUT.print "\nTest client exiting successfully.\nSent #{@bytes_out} bytes, received #{@bytes_in} bytes.\n\n"
+  end
+
+
+  def input_config
+    STDOUT.print 'Enter host name:   '
+    self.host = STDIN.gets.to_s.strip
+    raise StandardError, 'Host cannot be blank.' if host == ''
+
+    STDOUT.print 'Enter port number: '
+    self.port = STDIN.gets.to_s.strip.to_i
+    self.port = 22 if port == 0
+    raise StandardError, 'Port must be between 1 and 65535.' unless (1..65535).include?(port)
+
+    STDOUT.print 'Enter user name:   '
+    self.user = STDIN.gets.to_s.strip
+    raise StandardError, 'User cannot be blank.' if user == ''
+
+    STDOUT.print 'Enter password:    '
+    self.password = STDIN.noecho(&:gets).strip
+    STDOUT.print "\n"
+
+    STDOUT.print LINE_SEPARATOR
+  end
+
+
+  def run_session
+    validate_config
+    reset_for_session
+
+    begin
+      STDOUT.print 'Connecting ... '
+      Net::SSH.start(host, user, port: port, password: password) do |ssh|
+        STDOUT.print "Connected\n"
+
+        # open a channel
+        channel = ssh.open_channel do |ch|
+
+          setup_receive_handlers_for ch
+
+          # get a PTY.
+          ch.request_pty do |_, pty_success|
+            raise StandardError, 'Failed to request PTY.' unless pty_success
+          end
+
+          # start an interactive shell.
+          ch.send_channel_request('shell') do |_, shell_success|
+            raise StandardError, 'Failed to start shell.' unless shell_success
+          end
+        end
+
+        # so the channel is now open, so we'll interact with it until it closes.
+
+        # buffer key input from stdin.
+        buffer_stdin do
+
+          # spend up to 1ms waiting for IO events each pass
+          ssh.loop(0.001) do |sh|
+
+            # if the channel is still active, try interacting with it.
+            if channel.active?
+              begin
+
+                # try getting the oldest key from the key buffer.
+                ch = key_from_stdin
+
+                if ch
+                  # if we have a key, send it to the shell.
+                  channel.send_data ch
+                  @bytes_out += ch.bytes.length
+                end
+
+                # the channel is active so return true to keep the session going.
+                true
+              rescue IOError
+                # any IO error will kill our session.
+                false
+              end
+            else
+              # the channel is no longer active so our session is done.
+              false
+            end
+          end
+
+        end
+      end
+    ensure
+
+      # make sure we enable echo before we exit the session.
+      STDIN.echo = true
+    end
+  end
+
+
+  private
+
+
+  def validate_config
+    raise StandardError, 'Host cannot be blank.' if host == ''
+    raise StandardError, 'Port must be between 1 and 65535.' unless (1..65535).include?(port)
+    raise StandardError, 'User cannot be blank.' if user == ''
+  end
+
+  def reset_for_session
+    @bytes_in = 0
+    @bytes_out = 0
+  end
+
+  def setup_receive_handlers_for(ch)
+
+    ch.on_data do |_, data|
+      @bytes_in += data.bytes.length
+      STDOUT.print data
+    end
+
+    ch.on_extended_data do |_, _, data|
+      @bytes_in += data.bytes.length
+      STDERR.print data
+    end
+
+  end
+
+  def buffer_stdin
+
+    @key_buf = []
+    @key_mutex = Mutex.new
+
+    key_reader = Thread.new do
+      loop do
+
+        # read a key
+        ch = STDIN.getch
+
+        # push it onto the buffer
+        @key_mutex.synchronize { @key_buf&.push ch }
+
+        # run forever
+        true
+      end
+    end
+
+    begin
+      # disable echo and yield to the block.
+      STDIN.echo = false
+      yield
+    ensure
+      # enable echo, kill the thread, and nullify the buffer.
+      STDIN.echo = true
+      key_reader.exit
+      @key_buf = nil
+      @key_mutex = nil
+    end
+  end
+
+  def key_from_stdin
+    return nil unless @key_mutex
+    @key_mutex.synchronize { @key_buf&.shift }
+  end
+
+end
+
+
+if $0 == __FILE__
+  TestClient.new.run
+end
+

data/lib/shells.rb

@@ -1,21 +1,17 @@
 require 'shells/version'
 require 'shells/errors'
 require 'shells/shell_base'
-require 'shells/ssh_session'
-require 'shells/serial_session'
-require 'shells/pf_sense_ssh_session'
-require 'shells/pf_sense_serial_session'
+require 'shells/ssh_shell'
+require 'shells/serial_shell'
+require 'shells/ssh_bash_shell'
+require 'shells/serial_bash_shell'
+require 'shells/ssh_pf_sense_shell'
+require 'shells/serial_pf_sense_shell'
 
 
 ##
 # A set of basic shell classes.
 #
-# All shell sessions can be accessed by class name without calling +new+.
-#   Shells::SshSession(host: ...)
-#   Shells::SerialSession(path: ...)
-#   Shells::PfSenseSshSession(host: ...)
-#   Shells::PfSenseSerialSession(path: ...)
-#
 module Shells
 
   ##

data/lib/shells/bash_common.rb

@@ -82,10 +82,18 @@ module Shells
       options = (options || {}).merge(retrieve_exit_code: false, on_non_zero_exit_code: :ignore)
       sudo_exec command, options, &block
     end
-    
+
 
     protected
 
+    ##
+    # Uses the PS1= command to set the prompt for the shell.
+    def setup_prompt #:nodoc:
+      command = "PS1=#{options[:prompt]}"
+      sleep 1.0 # let shell initialize fully.
+      exec_ignore_code command, silence_timeout: 10, command_timeout: 10, timeout_error: true, get_output: false
+    end
+
     ##
     # Gets an exit code by echoing the $? variable from the environment.
     #
@@ -97,11 +105,11 @@ module Shells
         cmd.call(self)
       else
         debug 'Retrieving exit code from last command...'
-        push_buffer
-        send_data cmd + line_ending
-        wait_for_prompt 1, 2
-        ret = command_output(cmd).strip.to_i
-        pop_discard_buffer
+        discard_local_buffer do
+          send_data cmd + line_ending
+          wait_for_prompt 1, 2
+          ret = command_output(cmd).strip.to_i
+        end
         debug 'Exit code: ' + ret.to_s
         ret
       end
@@ -119,7 +127,8 @@ module Shells
     def file_methods
       @file_methods ||= [
           :base64,
-          :openssl
+          :openssl,
+          :perl
       ]
     end
 
@@ -171,6 +180,7 @@ module Shells
         exec cmd
       end
 
+
       ret = block.call(b64path)
 
       exec "rm #{b64path.inspect}"

data/lib/shells/errors.rb

@@ -1,4 +1,13 @@
 module Shells
+
+  ##
+  # Raise a QuitNow to tell the shell to stop processing and exit.
+  #
+  # This is intentionally NOT a RuntimeError since it should only be caught inside the session.
+  class QuitNow < Exception
+
+  end
+
   ##
   # An error occurring within the SecureShell class aside from argument errors.
   class ShellError < StandardError
@@ -12,8 +21,14 @@ module Shells
   end
 
   ##
-  # An error raised when a command requiring a session is attempted after the session has been completed.
-  class SessionCompleted < ShellError
+  # An error raised when +run+ is executed on a shell that is currently running.
+  class AlreadyRunning < ShellError
+
+  end
+
+  ##
+  # An error raised when a method requiring a running shell is called when the shell is not currently running.
+  class NotRunning < ShellError
 
   end
 
@@ -35,15 +50,21 @@ module Shells
     end
   end
 
+  ##
+  # A timeout error raised by the shell.
+  class ShellTimeout < ShellError
+
+  end
+
   ##
   # An error raised when a session is waiting for output for too long.
-  class SilenceTimeout < ShellError
+  class SilenceTimeout < ShellTimeout
 
   end
 
   ##
   # An error raise when a session is waiting for a command to finish for too long.
-  class CommandTimeout < ShellError
+  class CommandTimeout < ShellTimeout
 
   end
 

data/lib/shells/pf_sense_common.rb

@@ -1,6 +1,8 @@
 require 'base64'
 require 'json'
 
+require 'shells/pf_shell_wrapper'
+
 module Shells
 
   ##
@@ -32,54 +34,70 @@ module Shells
     end
 
     ##
-    # Signals that we want to restart the device.
-    class RestartNow < Exception
+    # The shell is already in pf_shell mode.
+    class AlreadyInPfShell < Shells::ShellError
 
     end
 
+    ##
+    # The shell not in pf_shell mode.
+    class NotInPfShell < Shells::ShellError
+
+    end
 
     ##
-    # The base shell used when possible.
-    BASE_SHELL = '/bin/sh'
+    # Signals that we want to restart the device.
+    class RestartNow < Exception
+
+    end
+
 
     ##
-    # The pfSense shell itself.
-    PF_SHELL = '/usr/local/sbin/pfSsh.php'
+    # The prompt text for the main menu.
+    MENU_PROMPT = 'Enter an option:'
 
     ##
-    # The prompt in the pfSense shell.
-    PF_PROMPT = 'pfSense shell:'
+    # The base shell used when possible.
+    BASE_SHELL = '/bin/sh'
 
     ##
     # Gets the version of the pfSense firmware.
     attr_accessor :pf_sense_version
+    protected :pf_sense_version=
 
     ##
     # Gets the user currently logged into the pfSense device.
     attr_accessor :pf_sense_user
+    protected :pf_sense_user=
 
     ##
     # Gets the hostname of the pfSense device.
     attr_accessor :pf_sense_host
+    protected :pf_sense_host=
 
 
-    def line_ending #:nodoc:
-      "\n"
-    end
-
     def self.included(base)  #:nodoc:
 
-      # Trap the RestartNow exception.
-      # When encountered, change the :quit option to '/sbin/reboot'.
-      # This requires rewriting the @options instance variable since the hash is frozen
-      # after initial validation.
-      base.on_exception do |shell, ex|
-        if ex.is_a?(Shells::PfSenseCommon::RestartNow)
-          shell.send(:change_quit, '/sbin/reboot')
-          true
-        else
-          false
+      base.class_eval do
+        # Trap the RestartNow exception.
+        # When encountered, change the :quit option to '/sbin/reboot'.
+        # This requires rewriting the @options instance variable since the hash is frozen
+        # after initial validation.
+        on_exception do |shell, ex|
+          if ex.is_a?(Shells::PfSenseCommon::RestartNow)
+            shell.send(:change_quit, '/sbin/reboot')
+            :break
+          end
+        end
+
+        add_hook :on_before_run do |sh|
+          sh.instance_eval do
+            self.pf_sense_version = nil
+            self.pf_sense_user = nil
+            self.pf_sense_host = nil
+          end
         end
+
       end
 
     end
@@ -87,285 +105,81 @@ module Shells
     def validate_options  #:nodoc:
       super
       options[:shell] = :shell
-      options[:prompt] = 'pfSense shell:'
       options[:quit] = 'exit'
       options[:retrieve_exit_code] = false
       options[:on_non_zero_exit_code] = :ignore
-      options[:override_set_prompt] = ->(sh) { true }
-      options[:override_get_exit_code] = ->(sh) { 0 }
     end
 
-    def exec_shell(&block) #:nodoc:
-      super do
-        # We want to drop to the shell before executing the block.
-        # So we'll navigate the menu to get the option for the shell.
-        # For this first navigation we allow a delay only if we are not connected to a serial device.
-        # Serial connections are always on, so they don't need to initialize first.
-        menu_option = get_menu_option 'Shell', !(Shells::SerialSession > self.class)
-        raise MenuNavigationFailure unless menu_option
-
-        # For 2.3 and 2.4 this is a valid match.
-        # If future versions change the default prompt, we need to change our process.
-        # [VERSION][USER@HOSTNAME]/root:  where /root is the current dir.
-        shell_regex = /\[(?<VER>[^\]]*)\]\[(?<USERHOST>[^\]]*)\](?<CD>\/.*):\s*$/
-
-        # Now we execute the menu option and wait for the shell_regex to match.
-        temporary_prompt(shell_regex) do
-          exec menu_option.to_s, command_timeout: 5
-
-          # Once we have a match we should be able to repeat it and store the information from the shell.
-          data = prompt_match.match(combined_output)
-          self.pf_sense_version = data['VER']
-          self.pf_sense_user, _, self.pf_sense_host = data['USERHOST'].partition('@')
-        end
-
-        block.call
-
-        # Wait for the shell_regex to match again.
-        temporary_prompt(shell_regex) { wait_for_prompt nil, 4, false }
-
-        # Exit the shell to return to the menu.
-        send_data 'exit' + line_ending
-
-        # After the block we want to know what the Logout option is and we change the quit command to match.
-        menu_option = get_menu_option 'Logout'
-        raise MenuNavigationFailure unless menu_option
-        change_quit menu_option.to_s
-      end
-    end
-
-    def exec_prompt(&block) #:nodoc:
-      debug 'Initializing pfSense shell...'
-      exec '/usr/local/sbin/pfSsh.php', command_timeout: 5
-      begin
-        block.call
-      ensure
-        debug 'Quitting pfSense shell...'
-        send_data 'exit' + line_ending
-      end
+    def line_ending
+      @line_ending ||= "\n"
     end
 
-    ##
-    # Executes a series of commands on the pfSense shell.
-    def pf_exec(*commands)
-      ret = ''
-      commands.each { |cmd| ret += exec(cmd) }
-      ret + exec('exec')
-    end
-
-    ##
-    # Reloads the pfSense configuration on the device.
-    def parse_config
-      pf_exec 'parse_config(true);'
-      @config_parsed = true
-    end
-
-    ##
-    # Determines if the configuration has been parsed during this session.
-    def config_parsed?
-      instance_variable_defined?(:@config_parsed) && instance_variable_get(:@config_parsed)
-    end
+    def setup_prompt #:nodoc:
 
-    ##
-    # Gets a configuration section from the pfSense device.
-    def get_config_section(section_name)
-      parse_config unless config_parsed?
-      JSON.parse pf_exec("echo json_encode($config[#{section_name.to_s.inspect}]);").strip
-    end
+      # By default we have the main menu.
+      # We want to drop to the main shell to execute the PHP shell.
+      # So we'll navigate the menu to get the option for the shell.
+      # For this first navigation we allow a delay only if we are not connected to a serial device.
+      # Serial connections are always on, so they don't need to initialize first.
+      menu_option = get_menu_option 'Shell', !(Shells::SerialShell > self.class)
+      raise MenuNavigationFailure unless menu_option
 
-    ##
-    # Sets a configuration section to the pfSense device.
-    #
-    # Returns the number of changes made to the configuration.
-    def set_config_section(section_name, values, message = '')
-      current_values = get_config_section(section_name)
-      changes = generate_config_changes("$config[#{section_name.to_s.inspect}]", current_values, values)
-      if changes&.any?
-        if message.to_s.strip == ''
-          message = "Updating #{section_name} section."
-        end
-        changes << "write_config(#{message.inspect});"
+      # For 2.3 and 2.4 this is a valid match.
+      # If future versions change the default prompt, we need to change our process.
+      # [VERSION][USER@HOSTNAME]/root:  where /root is the current dir.
+      shell_regex = /\[(?<VER>[^\]]*)\]\[(?<USERHOST>[^\]]*)\](?<CD>\/.*):\s*$/
 
-        pf_exec(*changes)
+      # Now we execute the menu option and wait for the shell_regex to match.
+      temporary_prompt(shell_regex) do
+        exec menu_option.to_s, command_timeout: 5
 
-        (changes.size - 1)
-      else
-        0
+        # Once we have a match we should be able to repeat it and store the information from the shell.
+        data = prompt_match.match(output)
+        self.pf_sense_version = data['VER']
+        self.pf_sense_user, _, self.pf_sense_host = data['USERHOST'].partition('@')
       end
-    end
 
-    ##
-    # Apply the firewall configuration.
-    #
-    # You need to apply the firewall configuration after you make changes to aliases, NAT rules, or filter rules.
-    def apply_filter_config
-      pf_exec(
-          'require_once("shaper.inc");',
-          'require_once("filter.inc");',
-          'filter_configure_sync();'
-      )
+      # at this point we can now treat it like a regular tcsh shell.
+      command = "set prompt='#{options[:prompt]}'"
+      exec_ignore_code command, silence_timeout: 10, command_timeout: 10, timeout_error: true, get_output: false
     end
 
-    ##
-    # Applies the user configuration for the specified user.
-    def apply_user_config(user_id)
-      user_id = user_id.to_i
-      pf_exec(
-          'require_once("auth.inc");',
-          "$user_entry = $config[\"system\"][\"user\"][#{user_id}];",
-          '$user_groups = array();',
-          'foreach ($config["system"]["group"] as $gidx => $group) {',
-          '  if (is_array($group["member"])) {',
-          "    if (in_array(#{user_id}, $group[\"member\"])) { $user_groups[] = $group[\"name\"]; }",
-          '  }',
-          '}',
-          # Intentionally run set_groups before and after to ensure group membership gets fully applied.
-          'local_user_set_groups($user_entry, $user_groups);',
-          'local_user_set($user_entry);',
-          'local_user_set_groups($user_entry, $user_groups);'
-      )
-    end
-
-    ##
-    # Enabled public key authentication for the current pfSense user.
-    #
-    # Once this has been done you should be able to connect without using a password.
-    def enable_cert_auth(public_key = '~/.ssh/id_rsa.pub')
-      cert_regex = /^ssh-[rd]sa (?:[A-Za-z0-9+\/]{4})*(?:[A-Za-z0-9+\/]{2}==|[A-Za-z0-9+\/]{3}=)? \S*$/m
-
-      # get our cert unless the user provided a full cert for us.
-      unless public_key =~ cert_regex
-        public_key = File.expand_path(public_key)
-        if File.exist?(public_key)
-          public_key = File.read(public_key).to_s.strip
-        else
-          raise Shells::PfSenseCommon::PublicKeyNotFound
-        end
-        raise Shells::PfSenseCommon::PublicKeyInvalid unless public_key =~ cert_regex
-      end
-
-      cfg = get_config_section 'system'
-      user_id = nil
-      user_name = options[:user].downcase
-      cfg['user'].each_with_index do |user,index|
-        if user['name'].downcase == user_name
-          user_id = index
-
-          authkeys = Base64.decode64(user['authorizedkeys'].to_s).gsub("\r\n", "\n").strip
-          unless authkeys == '' || authkeys =~ cert_regex
-            warn "Existing authorized keys for user #{options[:user]} are invalid and are being reset."
-            authkeys = ''
-          end
-
-          if authkeys == ''
-            user['authorizedkeys'] = Base64.strict_encode64(public_key)
-          else
-            authkeys = authkeys.split("\n")
-            unless authkeys.include?(public_key)
-              authkeys << public_key unless authkeys.include?(public_key)
-              user['authorizedkeys'] = Base64.strict_encode64(authkeys.join("\n"))
-            end
-          end
+    def teardown #:nodoc:
+      # use the default teardown to exit the shell.
+      super
 
-          break
-        end
+      # then navigate to the logout option (if the shell is still active).
+      if active?
+        menu_option = get_menu_option 'Logout'
+        raise MenuNavigationFailure unless menu_option
+        exec_ignore_code menu_option.to_s, command_timeout: 1, timeout_error: false
       end
-
-
-      raise Shells::PfSenseCommon::UserNotFound unless user_id
-
-      set_config_section 'system', cfg, "Enable certificate authentication for #{options[:user]}."
-
-      apply_user_config user_id
     end
 
-
     ##
-    # Exits the shell session immediately and requests a reboot of the pfSense device.
-    def reboot
-      raise Shells::SessionCompleted if session_complete?
-      raise Shells::PfSenseCommon::RestartNow
+    # Executes the code block in the pfSense PHP shell.
+    def pf_shell(&block)
+      ::Shells::PfShellWrapper.new(self, &block).output
     end
 
-    ##
-    # Exits the shell session immediately.
-    def quit
-      raise Shells::SessionCompleted if session_complete?
-      raise Shells::ShellBase::QuitNow
-    end
-
-
-
     private
 
-    def generate_config_changes(prefix, old_value, new_value)
-      old_value = fix_config_arrays(old_value)
-      new_value = fix_config_arrays(new_value)
-
-      if new_value.is_a?(Hash)
-        changes = []
-
-        unless old_value.is_a?(Hash)
-          # make sure the value is an array now.
-          changes << "#{prefix} = array();"
-          # and change the old_value to be an empty hash so we can work with it.
-          old_value = {}
-        end
-
-        # now iterate the hashes and process the child elements.
-        new_value.each do |k, new_v|
-          old_v = old_value[k]
-          changes += generate_config_changes("#{prefix}[#{k.inspect}]", old_v, new_v)
-        end
-
-        changes
-      else
-        if new_value != old_value
-          if new_value.nil?
-            [ "unset #{prefix};" ]
-          else
-            [ "#{prefix} = #{new_value.inspect};" ]
-          end
-        else
-          [ ]
-        end
-      end
-    end
-
-    def fix_config_arrays(value)
-      if value.is_a?(Array)
-        value.each_with_index
-            .map{|v,i| [i,v]}.to_h                      # convert to hash
-            .inject({}){ |m,(k,v)| m[k.to_s] = v; m }   # stringify keys
-      elsif value.is_a?(Hash)
-        value.inject({}) { |m,(k,v)| m[k.to_s] = v; m } # stringify keys
-      else
-        value
-      end
-    end
-
-
-
     # Processes the pfSense console menu to determine the option to send.
     def get_menu_option(option_text, delay = true)
       option_regex = /\s(\d+)\)\s*#{option_text}\s/i
-      prompt_text = 'Enter an option:'
-
-      temporary_prompt prompt_text do
-        begin
 
-          # give the prompt a few seconds to draw.
-          if delay
-            wait_for_prompt(nil, 4, false)
-          end
-
-          # See if we have a menu already.
-          menu_regex = /(?<MENU>\s0\)(?:.|\r|\n(?!\s0\)))*)#{prompt_text}[ \t]*$/
-          match = menu_regex.match(combined_output)
-          menu = match ? match['MENU'] : nil
+      temporary_prompt MENU_PROMPT do
+        # give the prompt a few seconds to draw.
+        if delay
+          wait_for_prompt(nil, 4, false)
+        end
 
-          push_buffer
+        # See if we have a menu already.
+        menu_regex = /(?<MENU>\s0\)(?:.|\r|\n(?!\s0\)))*)#{MENU_PROMPT}[ \t]*$/
+        match = menu_regex.match(output)
+        menu = match ? match['MENU'] : nil
 
+        discard_local_buffer do
           if menu.nil?
             # We want to redraw the menu.
             # In order to do that, we need to send a command that is not valid.
@@ -389,8 +203,6 @@ module Shells
           else
             return nil
           end
-        ensure
-          pop_discard_buffer
         end
       end
     end