sonixlabs-net-ssh 2.3.0

data/lib/net/ssh/transport/state.rb

@@ -0,0 +1,206 @@
+require 'zlib'
+require 'net/ssh/transport/cipher_factory'
+require 'net/ssh/transport/hmac'
+
+module Net; module SSH; module Transport
+
+  # Encapsulates state information about one end of an SSH connection. Such
+  # state includes the packet sequence number, the algorithms in use, how
+  # many packets and blocks have been processed since the last reset, and so
+  # forth. This class will never be instantiated directly, but is used as
+  # part of the internal state of the PacketStream module.
+  class State
+    # The socket object that owns this state object.
+    attr_reader :socket
+
+    # The next packet sequence number for this socket endpoint.
+    attr_reader :sequence_number
+
+    # The hmac algorithm in use for this endpoint.
+    attr_reader :hmac
+
+    # The compression algorithm in use for this endpoint.
+    attr_reader :compression
+
+    # The compression level to use when compressing data (or nil, for the default).
+    attr_reader :compression_level
+
+    # The number of packets processed since the last call to #reset!
+    attr_reader :packets
+
+    # The number of data blocks processed since the last call to #reset!
+    attr_reader :blocks
+
+    # The cipher algorithm in use for this socket endpoint.
+    attr_reader :cipher
+
+    # The block size for the cipher
+    attr_reader :block_size
+
+    # The role that this state plays (either :client or :server)
+    attr_reader :role
+
+    # The maximum number of packets that this endpoint wants to process before
+    # needing a rekey.
+    attr_accessor :max_packets
+
+    # The maximum number of blocks that this endpoint wants to process before
+    # needing a rekey.
+    attr_accessor :max_blocks
+
+    # The user-specified maximum number of bytes that this endpoint ought to
+    # process before needing a rekey.
+    attr_accessor :rekey_limit
+
+    # Creates a new state object, belonging to the given socket. Initializes
+    # the algorithms to "none".
+    def initialize(socket, role)
+      @socket = socket
+      @role = role
+      @sequence_number = @packets = @blocks = 0
+      @cipher = CipherFactory.get("none")
+      @block_size = 8
+      @hmac = HMAC.get("none")
+      @compression = nil
+      @compressor = @decompressor = nil
+      @next_iv = ""
+    end
+
+    # A convenience method for quickly setting multiple values in a single
+    # command.
+    def set(values)
+      values.each do |key, value|
+        instance_variable_set("@#{key}", value)
+      end
+      reset!
+    end
+
+    def update_cipher(data)
+      result = cipher.update(data)
+      update_next_iv(role == :client ? result : data)
+      return result
+    end
+
+    def final_cipher
+      result = cipher.final
+      update_next_iv(role == :client ? result : "", true)
+      return result
+    end
+
+    # Increments the counters. The sequence number is incremented (and remapped
+    # so it always fits in a 32-bit integer). The number of packets and blocks
+    # are also incremented.
+    def increment(packet_length)
+      @sequence_number = (@sequence_number + 1) & 0xFFFFFFFF
+      @packets += 1
+      @blocks += (packet_length + 4) / @block_size
+    end
+
+    # The compressor object to use when compressing data. This takes into account
+    # the desired compression level.
+    def compressor
+      @compressor ||= Zlib::Deflate.new(compression_level || Zlib::DEFAULT_COMPRESSION)
+    end
+
+    # The decompressor object to use when decompressing data.
+    def decompressor
+      @decompressor ||= Zlib::Inflate.new(nil)
+    end
+
+    # Returns true if data compression/decompression is enabled. This will
+    # return true if :standard compression is selected, or if :delayed
+    # compression is selected and the :authenticated hint has been received
+    # by the socket.
+    def compression?
+      compression == :standard || (compression == :delayed && socket.hints[:authenticated])
+    end
+
+    # Compresses the data. If no compression is in effect, this will just return
+    # the data unmodified, otherwise it uses #compressor to compress the data.
+    def compress(data)
+      data = data.to_s
+      return data unless compression?
+      compressor.deflate(data, Zlib::SYNC_FLUSH)
+    end
+
+    # Deompresses the data. If no compression is in effect, this will just return
+    # the data unmodified, otherwise it uses #decompressor to decompress the data.
+    def decompress(data)
+      data = data.to_s
+      return data unless compression?
+      decompressor.inflate(data)
+    end
+
+    # Resets the counters on the state object, but leaves the sequence_number
+    # unchanged. It also sets defaults for and recomputes the max_packets and
+    # max_blocks values.
+    def reset!
+      @packets = @blocks = 0
+
+      @max_packets ||= 1 << 31
+
+      @block_size = cipher.name == "RC4" ? 8 : cipher.block_size
+
+      if max_blocks.nil?
+        # cargo-culted from openssh. the idea is that "the 2^(blocksize*2)
+        # limit is too expensive for 3DES, blowfish, etc., so enforce a 1GB
+        # limit for small blocksizes."
+        if @block_size >= 16
+          @max_blocks = 1 << (@block_size * 2)
+        else
+          @max_blocks = (1 << 30) / @block_size
+        end
+
+        # if a limit on the # of bytes has been given, convert that into a
+        # minimum number of blocks processed.
+
+        if rekey_limit
+          @max_blocks = [@max_blocks, rekey_limit / @block_size].min
+        end
+      end
+
+      cleanup
+    end
+
+    # Closes any the compressor and/or decompressor objects that have been
+    # instantiated.
+    def cleanup
+      if @compressor
+        @compressor.finish if !@compressor.finished?
+        @compressor.close
+      end
+
+      if @decompressor
+        # we call reset here so that we don't get warnings when we try to
+        # close the decompressor
+        @decompressor.reset
+        @decompressor.close
+      end
+
+      @compressor = @decompressor = nil
+    end
+
+    # Returns true if the number of packets processed exceeds the maximum
+    # number of packets, or if the number of blocks processed exceeds the
+    # maximum number of blocks.
+    def needs_rekey?
+      max_packets && packets > max_packets ||
+      max_blocks && blocks > max_blocks
+    end
+
+    private
+
+      def update_next_iv(data, reset=false)
+        @next_iv << data
+        @next_iv = @next_iv[-cipher.iv_len..-1]
+
+        if reset
+          cipher.reset
+          cipher.iv = @next_iv
+        end
+
+        return data
+      end
+  end
+
+end; end; end

data/lib/net/ssh/verifiers/lenient.rb

@@ -0,0 +1,30 @@
+require 'net/ssh/verifiers/strict'
+
+module Net; module SSH; module Verifiers
+
+  # Basically the same as the Strict verifier, but does not try to actually
+  # verify a connection if the server is the localhost and the port is a
+  # nonstandard port number. Those two conditions will typically mean the
+  # connection is being tunnelled through a forwarded port, so the known-hosts
+  # file will not be helpful (in general).
+  class Lenient < Strict
+    # Tries to determine if the connection is being tunnelled, and if so,
+    # returns true. Otherwise, performs the standard strict verification.
+    def verify(arguments)
+      return true if tunnelled?(arguments)
+      super
+    end
+
+    private
+
+      # A connection is potentially being tunnelled if the port is not 22,
+      # and the ip refers to the localhost.
+      def tunnelled?(args)
+        return false if args[:session].port == Net::SSH::Transport::Session::DEFAULT_PORT
+        
+        ip = args[:session].peer[:ip]
+        return ip == "127.0.0.1" || ip == "::1"
+      end
+  end
+
+end; end; end

data/lib/net/ssh/verifiers/null.rb

@@ -0,0 +1,12 @@
+module Net; module SSH; module Verifiers
+
+  # The Null host key verifier simply allows every key it sees, without
+  # bothering to verify. This is simple, but is not particularly secure.
+  class Null
+    # Returns true.
+    def verify(arguments)
+      true
+    end
+  end
+
+end; end; end

data/lib/net/ssh/verifiers/strict.rb

@@ -0,0 +1,53 @@
+require 'net/ssh/errors'
+require 'net/ssh/known_hosts'
+
+module Net; module SSH; module Verifiers
+
+  # Does a strict host verification, looking the server up in the known
+  # host files to see if a key has already been seen for this server. If this
+  # server does not appear in any host file, this will silently add the
+  # server. If the server does appear at least once, but the key given does
+  # not match any known for the server, an exception will be raised (HostKeyMismatch).
+  # Otherwise, this returns true.
+  class Strict
+    def verify(arguments)
+      options = arguments[:session].options
+      host = options[:host_key_alias] || arguments[:session].host_as_string
+      matches = Net::SSH::KnownHosts.search_for(host, arguments[:session].options)
+
+      # we've never seen this host before, so just automatically add the key.
+      # not the most secure option (since the first hit might be the one that
+      # is hacked), but since almost nobody actually compares the key
+      # fingerprint, this is a reasonable compromise between usability and
+      # security.
+      if matches.empty?
+        ip = arguments[:session].peer[:ip]
+        Net::SSH::KnownHosts.add(host, arguments[:key], arguments[:session].options)
+        return true
+      end
+
+      # If we found any matches, check to see that the key type and
+      # blob also match.
+      found = matches.any? do |key|
+        key.ssh_type == arguments[:key].ssh_type &&
+        key.to_blob  == arguments[:key].to_blob
+      end
+
+      # If a match was found, return true. Otherwise, raise an exception
+      # indicating that the key was not recognized.
+      found || process_cache_miss(host, arguments)
+    end
+
+    private
+
+      def process_cache_miss(host, args)
+        exception = HostKeyMismatch.new("fingerprint #{args[:fingerprint]} does not match for #{host.inspect}")
+        exception.data = args
+        exception.callback = Proc.new do
+          Net::SSH::KnownHosts.add(host, args[:key], args[:session].options)
+        end
+        raise exception
+      end
+  end
+
+end; end; end

data/lib/net/ssh/version.rb

@@ -0,0 +1,62 @@
+module Net; module SSH
+  # A class for describing the current version of a library. The version
+  # consists of three parts: the +major+ number, the +minor+ number, and the
+  # +tiny+ (or +patch+) number.
+  #
+  # Two Version instances may be compared, so that you can test that a version
+  # of a library is what you require:
+  #
+  #   require 'net/ssh/version'
+  #
+  #   if Net::SSH::Version::CURRENT < Net::SSH::Version[2,1,0]
+  #     abort "your software is too old!"
+  #   end
+  class Version
+    include Comparable
+
+    # A convenience method for instantiating a new Version instance with the
+    # given +major+, +minor+, and +tiny+ components.
+    def self.[](major, minor, tiny)
+      new(major, minor, tiny)
+    end
+
+    attr_reader :major, :minor, :tiny
+
+    # Create a new Version object with the given components.
+    def initialize(major, minor, tiny)
+      @major, @minor, @tiny = major, minor, tiny
+    end
+
+    # Compare this version to the given +version+ object.
+    def <=>(version)
+      to_i <=> version.to_i
+    end
+
+    # Converts this version object to a string, where each of the three
+    # version components are joined by the '.' character. E.g., 2.0.0.
+    def to_s
+      @to_s ||= [@major, @minor, @tiny].join(".")
+    end
+
+    # Converts this version to a canonical integer that may be compared
+    # against other version objects.
+    def to_i
+      @to_i ||= @major * 1_000_000 + @minor * 1_000 + @tiny
+    end
+
+    # The major component of this version of the Net::SSH library
+    MAJOR = 2
+
+    # The minor component of this version of the Net::SSH library
+    MINOR = 3
+
+    # The tiny component of this version of the Net::SSH library
+    TINY  = 0
+
+    # The current version of the Net::SSH library as a Version instance
+    CURRENT = new(MAJOR, MINOR, TINY)
+
+    # The current version of the Net::SSH library as a String
+    STRING = CURRENT.to_s
+  end
+end; end

data/lib/sonixlabs-net-ssh.rb

@@ -0,0 +1 @@
+require 'net/ssh'

data/net-ssh.gemspec

@@ -0,0 +1,145 @@
+@spec = Gem::Specification.new do |s|
+	s.name = "sonixlabs-net-ssh"
+	s.version = "2.3.0"
+	s.summary = "Net::SSH: a pure-Ruby implementation of the SSH2 client protocol."
+	s.description = s.summary + " It allows you to write programs that invoke and interact with processes on remote servers, via SSH2."
+	s.authors = ["Kazuhiro Yamada"]
+	s.email = ["sonixlabs@sonix.asia", "yamadakazu45@gmail.com"]
+	s.homepage = "https://github.com/sonixlabs/net-ssh"
+  
+  s.extra_rdoc_files = %w[README.rdoc THANKS.rdoc CHANGELOG.rdoc]
+  s.has_rdoc = true
+  s.rdoc_options = ["--line-numbers", "--title", s.summary, "--main", "README.rdoc"]
+  s.require_paths = %w[lib]
+  s.rubygems_version = '1.3.2'
+  
+  s.executables = %w[]
+  
+  # = MANIFEST =
+  s.files = %w(
+  CHANGELOG.rdoc
+  Manifest
+  README.rdoc
+  Rakefile
+  Rudyfile
+  THANKS.rdoc
+  lib/sonixlabs-net-ssh.rb
+  lib/net/ssh.rb
+  lib/net/ssh/authentication/agent.rb
+  lib/net/ssh/authentication/constants.rb
+  lib/net/ssh/authentication/key_manager.rb
+  lib/net/ssh/authentication/methods/abstract.rb
+  lib/net/ssh/authentication/methods/hostbased.rb
+  lib/net/ssh/authentication/methods/keyboard_interactive.rb
+  lib/net/ssh/authentication/methods/password.rb
+  lib/net/ssh/authentication/methods/publickey.rb
+  lib/net/ssh/authentication/pageant.rb
+  lib/net/ssh/authentication/session.rb
+  lib/net/ssh/buffer.rb
+  lib/net/ssh/buffered_io.rb
+  lib/net/ssh/config.rb
+  lib/net/ssh/connection/channel.rb
+  lib/net/ssh/connection/constants.rb
+  lib/net/ssh/connection/session.rb
+  lib/net/ssh/connection/term.rb
+  lib/net/ssh/errors.rb
+  lib/net/ssh/key_factory.rb
+  lib/net/ssh/known_hosts.rb
+  lib/net/ssh/loggable.rb
+  lib/net/ssh/packet.rb
+  lib/net/ssh/prompt.rb
+  lib/net/ssh/proxy/command.rb
+  lib/net/ssh/proxy/errors.rb
+  lib/net/ssh/proxy/http.rb
+  lib/net/ssh/proxy/socks4.rb
+  lib/net/ssh/proxy/socks5.rb
+  lib/net/ssh/ruby_compat.rb
+  lib/net/ssh/service/forward.rb
+  lib/net/ssh/test.rb
+  lib/net/ssh/test/channel.rb
+  lib/net/ssh/test/extensions.rb
+  lib/net/ssh/test/kex.rb
+  lib/net/ssh/test/local_packet.rb
+  lib/net/ssh/test/packet.rb
+  lib/net/ssh/test/remote_packet.rb
+  lib/net/ssh/test/script.rb
+  lib/net/ssh/test/socket.rb
+  lib/net/ssh/transport/algorithms.rb
+  lib/net/ssh/transport/cipher_factory.rb
+  lib/net/ssh/transport/constants.rb
+  lib/net/ssh/transport/hmac.rb
+  lib/net/ssh/transport/hmac/abstract.rb
+  lib/net/ssh/transport/hmac/md5.rb
+  lib/net/ssh/transport/hmac/md5_96.rb
+  lib/net/ssh/transport/hmac/none.rb
+  lib/net/ssh/transport/hmac/sha1.rb
+  lib/net/ssh/transport/hmac/sha1_96.rb
+  lib/net/ssh/transport/hmac/sha2_256.rb
+  lib/net/ssh/transport/hmac/sha2_256_96.rb
+  lib/net/ssh/transport/hmac/sha2_512.rb
+  lib/net/ssh/transport/hmac/sha2_512_96.rb
+  lib/net/ssh/transport/identity_cipher.rb
+  lib/net/ssh/transport/key_expander.rb
+  lib/net/ssh/transport/kex.rb
+  lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb
+  lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb
+  lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha256.rb
+  lib/net/ssh/transport/openssl.rb
+  lib/net/ssh/transport/packet_stream.rb
+  lib/net/ssh/transport/server_version.rb
+  lib/net/ssh/transport/session.rb
+  lib/net/ssh/transport/state.rb
+  lib/net/ssh/verifiers/lenient.rb
+  lib/net/ssh/verifiers/null.rb
+  lib/net/ssh/verifiers/strict.rb
+  lib/net/ssh/version.rb
+  net-ssh.gemspec
+  setup.rb
+  support/arcfour_check.rb
+  support/ssh_tunnel_bug.rb
+  test/authentication/methods/common.rb
+  test/authentication/methods/test_abstract.rb
+  test/authentication/methods/test_hostbased.rb
+  test/authentication/methods/test_keyboard_interactive.rb
+  test/authentication/methods/test_password.rb
+  test/authentication/methods/test_publickey.rb
+  test/authentication/test_agent.rb
+  test/authentication/test_key_manager.rb
+  test/authentication/test_session.rb
+  test/common.rb
+  test/configs/eqsign
+  test/configs/exact_match
+  test/configs/host_plus
+  test/configs/multihost
+  test/configs/wild_cards
+  test/connection/test_channel.rb
+  test/connection/test_session.rb
+  test/test_all.rb
+  test/test_buffer.rb
+  test/test_buffered_io.rb
+  test/test_config.rb
+  test/test_key_factory.rb
+  test/transport/hmac/test_md5.rb
+  test/transport/hmac/test_md5_96.rb
+  test/transport/hmac/test_none.rb
+  test/transport/hmac/test_sha1.rb
+  test/transport/hmac/test_sha1_96.rb
+  test/transport/hmac/test_sha2_256.rb
+  test/transport/hmac/test_sha2_256_96.rb
+  test/transport/hmac/test_sha2_512.rb
+  test/transport/hmac/test_sha2_512_96.rb
+  test/transport/kex/test_diffie_hellman_group1_sha1.rb
+  test/transport/kex/test_diffie_hellman_group_exchange_sha1.rb
+  test/transport/kex/test_diffie_hellman_group_exchange_sha256.rb
+  test/transport/test_algorithms.rb
+  test/transport/test_cipher_factory.rb
+  test/transport/test_hmac.rb
+  test/transport/test_identity_cipher.rb
+  test/transport/test_packet_stream.rb
+  test/transport/test_server_version.rb
+  test/transport/test_session.rb
+  test/transport/test_state.rb
+  )
+
+  
+end