sonixlabs-net-ssh 2.3.0

data/lib/net/ssh/transport/packet_stream.rb

@@ -0,0 +1,235 @@
+require 'net/ssh/buffered_io'
+require 'net/ssh/errors'
+require 'net/ssh/packet'
+require 'net/ssh/ruby_compat'
+require 'net/ssh/transport/cipher_factory'
+require 'net/ssh/transport/hmac'
+require 'net/ssh/transport/state'
+
+
+module Net; module SSH; module Transport
+
+  # A module that builds additional functionality onto the Net::SSH::BufferedIo
+  # module. It adds SSH encryption, compression, and packet validation, as
+  # per the SSH2 protocol. It also adds an abstraction for polling packets,
+  # to allow for both blocking and non-blocking reads.
+  module PacketStream
+    include BufferedIo
+
+    def self.extended(object)
+      object.__send__(:initialize_ssh)
+    end
+
+    # The map of "hints" that can be used to modify the behavior of the packet
+    # stream. For instance, when authentication succeeds, an "authenticated"
+    # hint is set, which is used to determine whether or not to compress the
+    # data when using the "delayed" compression algorithm.
+    attr_reader :hints
+
+    # The server state object, which encapsulates the algorithms used to interpret
+    # packets coming from the server.
+    attr_reader :server
+
+    # The client state object, which encapsulates the algorithms used to build
+    # packets to send to the server.
+    attr_reader :client
+
+    # The name of the client (local) end of the socket, as reported by the
+    # socket.
+    def client_name
+      @client_name ||= begin
+        sockaddr = getsockname
+        begin
+          Socket.getnameinfo(sockaddr, Socket::NI_NAMEREQD).first
+        rescue
+          begin
+            Socket.getnameinfo(sockaddr).first
+          rescue
+            begin
+              Socket.gethostbyname(Socket.gethostname).first
+            rescue
+              lwarn { "the client ipaddr/name could not be determined" }
+              "unknown"
+            end
+          end
+        end
+      end
+    end
+
+    # The IP address of the peer (remote) end of the socket, as reported by
+    # the socket.
+    def peer_ip
+      @peer_ip ||=
+        if respond_to?(:getpeername)
+          addr = getpeername
+          Socket.getnameinfo(addr, Socket::NI_NUMERICHOST | Socket::NI_NUMERICSERV).first
+        else
+          "<no hostip for proxy command>"
+        end
+    end
+    
+    # Returns true if the IO is available for reading, and false otherwise.
+    def available_for_read?
+      result = Net::SSH::Compat.io_select([self], nil, nil, 0)
+      result && result.first.any?
+    end
+    
+    # Returns the next full packet. If the mode parameter is :nonblock (the
+    # default), then this will return immediately, whether a packet is
+    # available or not, and will return nil if there is no packet ready to be
+    # returned. If the mode parameter is :block, then this method will block
+    # until a packet is available.
+    def next_packet(mode=:nonblock)
+      case mode
+      when :nonblock then
+        fill if available_for_read?
+        poll_next_packet
+
+      when :block then
+        loop do
+          packet = poll_next_packet
+          return packet if packet
+
+          loop do
+            result = Net::SSH::Compat.io_select([self]) or next
+            break if result.first.any?
+          end
+
+          if fill <= 0
+            raise Net::SSH::Disconnect, "connection closed by remote host"
+          end
+        end
+
+      else
+        raise ArgumentError, "expected :block or :nonblock, got #{mode.inspect}"
+      end
+    end
+
+    # Enqueues a packet to be sent, and blocks until the entire packet is
+    # sent.
+    def send_packet(payload)
+      enqueue_packet(payload)
+      wait_for_pending_sends
+    end
+
+    # Enqueues a packet to be sent, but does not immediately send the packet.
+    # The given payload is pre-processed according to the algorithms specified
+    # in the client state (compression, cipher, and hmac).
+    def enqueue_packet(payload)
+      # try to compress the packet
+      payload = client.compress(payload)
+
+      # the length of the packet, minus the padding
+      actual_length = 4 + payload.length + 1
+
+      # compute the padding length
+      padding_length = client.block_size - (actual_length % client.block_size)
+      padding_length += client.block_size if padding_length < 4
+
+      # compute the packet length (sans the length field itself)
+      packet_length = payload.length + padding_length + 1
+
+      if packet_length < 16
+        padding_length += client.block_size
+        packet_length = payload.length + padding_length + 1
+      end
+
+      padding = Array.new(padding_length) { rand(256) }.pack("C*")
+
+      unencrypted_data = [packet_length, padding_length, payload, padding].pack("NCA*A*")
+      mac = client.hmac.digest([client.sequence_number, unencrypted_data].pack("NA*"))
+
+      encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
+      message = encrypted_data + mac
+
+      debug { "queueing packet nr #{client.sequence_number} type #{payload.getbyte(0)} len #{packet_length}" }
+      enqueue(message)
+
+      client.increment(packet_length)
+
+      self
+    end
+
+    # Performs any pending cleanup necessary on the IO and its associated
+    # state objects. (See State#cleanup).
+    def cleanup
+      client.cleanup
+      server.cleanup
+    end
+
+    # If the IO object requires a rekey operation (as indicated by either its
+    # client or server state objects, see State#needs_rekey?), this will
+    # yield. Otherwise, this does nothing.
+    def if_needs_rekey?
+      if client.needs_rekey? || server.needs_rekey?
+        yield
+        client.reset! if client.needs_rekey?
+        server.reset! if server.needs_rekey?
+      end
+    end
+
+    protected
+
+      # Called when this module is used to extend an object. It initializes
+      # the states and generally prepares the object for use as a packet stream.
+      def initialize_ssh
+        @hints  = {}
+        @server = State.new(self, :server)
+        @client = State.new(self, :client)
+        @packet = nil
+        initialize_buffered_io
+      end
+
+      # Tries to read the next packet. If there is insufficient data to read
+      # an entire packet, this returns immediately, otherwise the packet is
+      # read, post-processed according to the cipher, hmac, and compression
+      # algorithms specified in the server state object, and returned as a
+      # new Packet object.
+      def poll_next_packet
+        if @packet.nil?
+          minimum = server.block_size < 4 ? 4 : server.block_size
+          return nil if available < minimum
+          data = read_available(minimum)
+
+          # decipher it
+          @packet = Net::SSH::Buffer.new(server.update_cipher(data))
+          @packet_length = @packet.read_long
+        end
+
+        need = @packet_length + 4 - server.block_size
+        raise Net::SSH::Exception, "padding error, need #{need} block #{server.block_size}" if need % server.block_size != 0
+
+        return nil if available < need + server.hmac.mac_length
+
+        if need > 0
+          # read the remainder of the packet and decrypt it.
+          data = read_available(need)
+          @packet.append(server.update_cipher(data))
+        end
+
+        # get the hmac from the tail of the packet (if one exists), and
+        # then validate it.
+        real_hmac = read_available(server.hmac.mac_length) || ""
+
+        @packet.append(server.final_cipher)
+        padding_length = @packet.read_byte
+
+        payload = @packet.read(@packet_length - padding_length - 1)
+        padding = @packet.read(padding_length) if padding_length > 0
+
+        my_computed_hmac = server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
+        raise Net::SSH::Exception, "corrupted mac detected" if real_hmac != my_computed_hmac
+
+        # try to decompress the payload, in case compression is active
+        payload = server.decompress(payload)
+
+        debug { "received packet nr #{server.sequence_number} type #{payload.getbyte(0)} len #{@packet_length}" }
+
+        server.increment(@packet_length)
+        @packet = nil
+
+        return Packet.new(payload)
+      end
+  end
+
+end; end; end

data/lib/net/ssh/transport/server_version.rb

@@ -0,0 +1,71 @@
+require 'net/ssh/errors'
+require 'net/ssh/loggable'
+require 'net/ssh/version'
+
+module Net; module SSH; module Transport
+
+  # Negotiates the SSH protocol version and trades information about server
+  # and client. This is never used directly--it is always called by the
+  # transport layer as part of the initialization process of the transport
+  # layer.
+  #
+  # Note that this class also encapsulates the negotiated version, and acts as
+  # the authoritative reference for any queries regarding the version in effect.
+  class ServerVersion
+    include Loggable
+
+    # The SSH version string as reported by Net::SSH
+    PROTO_VERSION = "SSH-2.0-Ruby/Net::SSH_#{Net::SSH::Version::CURRENT} #{RUBY_PLATFORM}"
+
+    # Any header text sent by the server prior to sending the version.
+    attr_reader :header
+
+    # The version string reported by the server.
+    attr_reader :version
+
+    # Instantiates a new ServerVersion and immediately (and synchronously)
+    # negotiates the SSH protocol in effect, using the given socket.
+    def initialize(socket, logger)
+      @header = ""
+      @version = nil
+      @logger = logger
+      negotiate!(socket)
+    end
+
+    private
+
+      # Negotiates the SSH protocol to use, via the given socket. If the server
+      # reports an incompatible SSH version (e.g., SSH1), this will raise an
+      # exception.
+      def negotiate!(socket)
+        info { "negotiating protocol version" }
+
+        loop do
+          @version = ""
+          loop do
+            begin
+              b = socket.readpartial(1)
+              raise Net::SSH::Disconnect, "connection closed by remote host" if b.nil?
+            rescue EOFError => e
+              raise Net::SSH::Disconnect, "connection closed by remote host"
+            end
+            @version << b
+            break if b == "\n"
+          end
+          break if @version.match(/^SSH-/)
+          @header << @version
+        end
+
+        @version.chomp!
+        debug { "remote is `#{@version}'" }
+
+        unless @version.match(/^SSH-(1\.99|2\.0)-/)
+          raise Net::SSH::Exception, "incompatible SSH version `#{@version}'"
+        end
+
+        debug { "local is `#{PROTO_VERSION}'" }
+        socket.write "#{PROTO_VERSION}\r\n"
+        socket.flush
+      end
+  end
+end; end; end

data/lib/net/ssh/transport/session.rb

@@ -0,0 +1,278 @@
+require 'socket'
+require 'timeout'
+
+require 'net/ssh/errors'
+require 'net/ssh/loggable'
+require 'net/ssh/version'
+require 'net/ssh/transport/algorithms'
+require 'net/ssh/transport/constants'
+require 'net/ssh/transport/packet_stream'
+require 'net/ssh/transport/server_version'
+require 'net/ssh/verifiers/null'
+require 'net/ssh/verifiers/strict'
+require 'net/ssh/verifiers/lenient'
+
+module Net; module SSH; module Transport
+
+  # The transport layer represents the lowest level of the SSH protocol, and
+  # implements basic message exchanging and protocol initialization. It will
+  # never be instantiated directly (unless you really know what you're about),
+  # but will instead be created for you automatically when you create a new
+  # SSH session via Net::SSH.start.
+  class Session
+    include Constants, Loggable
+
+    # The standard port for the SSH protocol.
+    DEFAULT_PORT = 22
+
+    # The host to connect to, as given to the constructor.
+    attr_reader :host
+
+    # The port number to connect to, as given in the options to the constructor.
+    # If no port number was given, this will default to DEFAULT_PORT.
+    attr_reader :port
+
+    # The underlying socket object being used to communicate with the remote
+    # host.
+    attr_reader :socket
+
+    # The ServerVersion instance that encapsulates the negotiated protocol
+    # version.
+    attr_reader :server_version
+
+    # The Algorithms instance used to perform key exchanges.
+    attr_reader :algorithms
+
+    # The host-key verifier object used to verify host keys, to ensure that
+    # the connection is not being spoofed.
+    attr_reader :host_key_verifier
+
+    # The hash of options that were given to the object at initialization.
+    attr_reader :options
+
+    # Instantiates a new transport layer abstraction. This will block until
+    # the initial key exchange completes, leaving you with a ready-to-use
+    # transport session.
+    def initialize(host, options={})
+      self.logger = options[:logger]
+
+      @host = host
+      @port = options[:port] || DEFAULT_PORT
+      @bind_address = options[:bind_address] || nil
+      @options = options
+
+      debug { "establishing connection to #{@host}:#{@port}" }
+      factory = options[:proxy] || TCPSocket
+      @socket = timeout(options[:timeout] || 0) { @bind_address.nil? || options[:proxy] ? factory.open(@host, @port) : factory.open(@host,@port,@bind_address) }
+      @socket.extend(PacketStream)
+      @socket.logger = @logger
+
+      debug { "connection established" }
+
+      @queue = []
+
+      @host_key_verifier = select_host_key_verifier(options[:paranoid])
+
+
+      @server_version = timeout(options[:timeout] || 0) { ServerVersion.new(socket, logger) }
+
+      @algorithms = Algorithms.new(self, options)
+      wait { algorithms.initialized? }
+    end
+
+    # Returns the host (and possibly IP address) in a format compatible with
+    # SSH known-host files.
+    def host_as_string
+      @host_as_string ||= begin
+        string = "#{host}"
+        string = "[#{string}]:#{port}" if port != DEFAULT_PORT
+        if socket.peer_ip != host
+          string2 = socket.peer_ip
+          string2 = "[#{string2}]:#{port}" if port != DEFAULT_PORT
+          string << "," << string2
+        end
+        string
+      end
+    end
+
+    # Returns true if the underlying socket has been closed.
+    def closed?
+      socket.closed?
+    end
+
+    # Cleans up (see PacketStream#cleanup) and closes the underlying socket.
+    def close
+      socket.cleanup
+      socket.close
+    end
+
+    # Performs a "hard" shutdown of the connection. In general, this should
+    # never be done, but it might be necessary (in a rescue clause, for instance,
+    # when the connection needs to close but you don't know the status of the
+    # underlying protocol's state).
+    def shutdown!
+      error { "forcing connection closed" }
+      socket.close
+    end
+
+    # Returns a new service_request packet for the given service name, ready
+    # for sending to the server.
+    def service_request(service)
+      Net::SSH::Buffer.from(:byte, SERVICE_REQUEST, :string, service)
+    end
+
+    # Requests a rekey operation, and blocks until the operation completes.
+    # If a rekey is already pending, this returns immediately, having no
+    # effect.
+    def rekey!
+      if !algorithms.pending?
+        algorithms.rekey!
+        wait { algorithms.initialized? }
+      end
+    end
+
+    # Returns immediately if a rekey is already in process. Otherwise, if a
+    # rekey is needed (as indicated by the socket, see PacketStream#if_needs_rekey?)
+    # one is performed, causing this method to block until it completes.
+    def rekey_as_needed
+      return if algorithms.pending?
+      socket.if_needs_rekey? { rekey! }
+    end
+
+    # Returns a hash of information about the peer (remote) side of the socket,
+    # including :ip, :port, :host, and :canonized (see #host_as_string).
+    def peer
+      @peer ||= { :ip => socket.peer_ip, :port => @port.to_i, :host => @host, :canonized => host_as_string }
+    end
+
+    # Blocks until a new packet is available to be read, and returns that
+    # packet. See #poll_message.
+    def next_message
+      poll_message(:block)
+    end
+
+    # Tries to read the next packet from the socket. If mode is :nonblock (the
+    # default), this will not block and will return nil if there are no packets
+    # waiting to be read. Otherwise, this will block until a packet is
+    # available. Note that some packet types (DISCONNECT, IGNORE, UNIMPLEMENTED,
+    # DEBUG, and KEXINIT) are handled silently by this method, and will never
+    # be returned.
+    #
+    # If a key-exchange is in process and a disallowed packet type is
+    # received, it will be enqueued and otherwise ignored. When a key-exchange
+    # is not in process, and consume_queue is true, packets will be first
+    # read from the queue before the socket is queried.
+    def poll_message(mode=:nonblock, consume_queue=true)
+      loop do
+        if consume_queue && @queue.any? && algorithms.allow?(@queue.first)
+          return @queue.shift
+        end
+
+        packet = socket.next_packet(mode)
+        return nil if packet.nil?
+
+        case packet.type
+        when DISCONNECT
+          raise Net::SSH::Disconnect, "disconnected: #{packet[:description]} (#{packet[:reason_code]})"
+
+        when IGNORE
+          debug { "IGNORE packet recieved: #{packet[:data].inspect}" }
+
+        when UNIMPLEMENTED
+          lwarn { "UNIMPLEMENTED: #{packet[:number]}" }
+
+        when DEBUG
+          __send__(packet[:always_display] ? :fatal : :debug) { packet[:message] }
+
+        when KEXINIT
+          algorithms.accept_kexinit(packet)
+
+        else
+          return packet if algorithms.allow?(packet)
+          push(packet)
+        end
+      end
+    end
+
+    # Waits (blocks) until the given block returns true. If no block is given,
+    # this just waits long enough to see if there are any pending packets. Any
+    # packets read are enqueued (see #push).
+    def wait
+      loop do
+        break if block_given? && yield
+        message = poll_message(:nonblock, false)
+        push(message) if message
+        break if !block_given?
+      end
+    end
+
+    # Adds the given packet to the packet queue. If the queue is non-empty,
+    # #poll_message will return packets from the queue in the order they
+    # were received.
+    def push(packet)
+      @queue.push(packet)
+    end
+
+    # Sends the given message via the packet stream, blocking until the
+    # entire message has been sent.
+    def send_message(message)
+      socket.send_packet(message)
+    end
+
+    # Enqueues the given message, such that it will be sent at the earliest
+    # opportunity. This does not block, but returns immediately.
+    def enqueue_message(message)
+      socket.enqueue_packet(message)
+    end
+
+    # Configure's the packet stream's client state with the given set of
+    # options. This is typically used to define the cipher, compression, and
+    # hmac algorithms to use when sending packets to the server.
+    def configure_client(options={})
+      socket.client.set(options)
+    end
+
+    # Configure's the packet stream's server state with the given set of
+    # options. This is typically used to define the cipher, compression, and
+    # hmac algorithms to use when reading packets from the server.
+    def configure_server(options={})
+      socket.server.set(options)
+    end
+
+    # Sets a new hint for the packet stream, which the packet stream may use
+    # to change its behavior. (See PacketStream#hints).
+    def hint(which, value=true)
+      socket.hints[which] = value
+    end
+
+    public
+
+      # this method is primarily for use in tests
+      attr_reader :queue #:nodoc:
+
+    private
+
+      # Instantiates a new host-key verification class, based on the value of
+      # the parameter. When true or nil, the default Lenient verifier is
+      # returned. If it is false, the Null verifier is returned, and if it is
+      # :very, the Strict verifier is returned. If the argument happens to
+      # respond to :verify, it is returned directly. Otherwise, an exception
+      # is raised.
+      def select_host_key_verifier(paranoid)
+        case paranoid
+        when true, nil then
+          Net::SSH::Verifiers::Lenient.new
+        when false then
+          Net::SSH::Verifiers::Null.new
+        when :very then
+          Net::SSH::Verifiers::Strict.new
+        else
+          if paranoid.respond_to?(:verify)
+            paranoid
+          else
+            raise ArgumentError, "argument to :paranoid is not valid: #{paranoid.inspect}"
+          end
+        end
+      end
+  end
+end; end; end