tpkg 2.3.3 → 2.3.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +1 -0
- data/Gemfile +4 -0
- data/LICENSE +20 -0
- data/Portfile +39 -0
- data/Portfile.template +39 -0
- data/README.md +43 -0
- data/Rakefile +468 -18
- data/bin/gem2tpkg +2 -2
- data/bin/tpkg +18 -13
- data/bin/tpkg_uploader +132 -0
- data/ca.pem +1 -0
- data/control +7 -0
- data/depend +3 -0
- data/externals-etch/authorized_keys +40 -0
- data/externals-etch/group +9 -0
- data/externals-etch/iptables +38 -0
- data/externals-etch/limits +30 -0
- data/externals-etch/nfs +30 -0
- data/externals-etch/sudo +30 -0
- data/externals-etch/supplemental_groups +8 -0
- data/externals-etch/sysctl +30 -0
- data/externals-etch/user +41 -0
- data/externals/group +39 -0
- data/externals/supplemental_groups +48 -0
- data/externals/user +39 -0
- data/lib/tpkg.rb +260 -991
- data/lib/tpkg/os.rb +164 -0
- data/lib/tpkg/os/debian.rb +159 -0
- data/lib/tpkg/os/freebsd.rb +113 -0
- data/lib/tpkg/os/macosx.rb +113 -0
- data/lib/tpkg/os/redhat.rb +173 -0
- data/lib/tpkg/os/solaris.rb +101 -0
- data/lib/tpkg/os/windows.rb +26 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify.rb +67 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/errors.rb +127 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/kwalify.schema.yaml +58 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/main.rb +442 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/messages.rb +173 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/meta-validator.rb +275 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/parser/base.rb +127 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/parser/yaml.rb +841 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/rule.rb +559 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/templates/genclass-java.eruby +222 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/templates/genclass-php.eruby +104 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/templates/genclass-ruby.eruby +113 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/types.rb +156 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util.rb +158 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util/assert-text-equal.rb +46 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util/hash-interface.rb +18 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util/hashlike.rb +51 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util/option-parser.rb +220 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util/ordered-hash.rb +57 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util/testcase-helper.rb +112 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/validator.rb +282 -0
- data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/yaml-parser.rb +870 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh.rb +219 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/agent.rb +179 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/constants.rb +18 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/key_manager.rb +219 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/methods/abstract.rb +60 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/methods/hostbased.rb +71 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/methods/keyboard_interactive.rb +66 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/methods/password.rb +39 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/methods/publickey.rb +92 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/pageant.rb +183 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/session.rb +134 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/buffer.rb +340 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/buffered_io.rb +198 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/config.rb +205 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/connection/channel.rb +630 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/connection/constants.rb +33 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/connection/session.rb +597 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/connection/term.rb +178 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/errors.rb +85 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/key_factory.rb +102 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/known_hosts.rb +129 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/loggable.rb +61 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/packet.rb +102 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/prompt.rb +93 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/proxy/command.rb +75 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/proxy/errors.rb +14 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/proxy/http.rb +94 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/proxy/socks4.rb +70 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/proxy/socks5.rb +142 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/ruby_compat.rb +43 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/service/forward.rb +288 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test.rb +89 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/channel.rb +129 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/extensions.rb +152 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/kex.rb +44 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/local_packet.rb +51 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/packet.rb +81 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/remote_packet.rb +38 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/script.rb +157 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/socket.rb +64 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/algorithms.rb +384 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/cipher_factory.rb +97 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/constants.rb +30 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac.rb +31 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac/abstract.rb +79 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac/md5.rb +12 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac/md5_96.rb +11 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac/none.rb +15 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac/sha1.rb +13 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac/sha1_96.rb +11 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/identity_cipher.rb +55 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/kex.rb +13 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +208 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +77 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/openssl.rb +127 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/packet_stream.rb +235 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/server_version.rb +71 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/session.rb +276 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/state.rb +206 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/verifiers/lenient.rb +30 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/verifiers/null.rb +12 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/verifiers/strict.rb +53 -0
- data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/version.rb +62 -0
- data/lib/tpkg/version.rb +3 -0
- data/man/man1/cpan2tpkg.1 +82 -0
- data/man/man1/gem2tpkg.1 +120 -0
- data/man/man1/tpkg.1 +411 -0
- data/pkginfo +8 -0
- data/postinstall.solaris +11 -0
- data/postremove.solaris +16 -0
- data/schema/schema-1.0.5.yml +0 -0
- data/schema/schema-1.0.6.yml +0 -0
- data/schema/schema-1.0.7.yml +0 -0
- data/schema/schema-1.0.8.yml +0 -0
- data/schema/schema-1.0.9.yml +0 -0
- data/schema/schema.yml +0 -0
- data/schema/tpkg-1.0.0.dtd +0 -0
- data/schema/tpkg-1.0.1.dtd +0 -0
- data/schema/tpkg-1.0.2.dtd +0 -0
- data/schema/tpkg-1.0.3.dtd +0 -0
- data/schema/tpkg-1.0.4.dtd +0 -0
- data/schema/tpkg-1.0.5.dtd +0 -0
- data/schema/tpkg-1.0.6.dtd +0 -0
- data/schema/tpkg-1.0.7.dtd +0 -0
- data/schema/tpkg-1.0.8.dtd +0 -0
- data/schema/tpkg-1.0.9.dtd +0 -0
- data/schema/tpkg.dtd +0 -0
- data/test/TODO +30 -0
- data/test/premadetestpkg/pkg_without_file_metadata-1.0-1.tpkg +0 -0
- data/test/test_checksum.rb +53 -0
- data/test/test_compress.rb +55 -0
- data/test/test_conflict.rb +41 -0
- data/test/test_crontabs.rb +398 -0
- data/test/test_dependency.rb +1113 -0
- data/test/test_downgrade.rb +80 -0
- data/test/test_download.rb +95 -0
- data/test/test_encrypt.rb +136 -0
- data/test/test_filemetadata.rb +131 -0
- data/test/test_initscript.rb +93 -0
- data/test/test_install.rb +186 -0
- data/test/test_lock.rb +82 -0
- data/test/test_make.rb +410 -0
- data/test/test_metadata.rb +805 -0
- data/test/test_misc.rb +379 -0
- data/test/test_options.rb +1711 -0
- data/test/test_os.rb +193 -0
- data/test/test_os_debian.rb +99 -0
- data/test/test_os_freebsd.rb +89 -0
- data/test/test_os_macosx.rb +79 -0
- data/test/test_os_redhat.rb +124 -0
- data/test/test_os_solaris.rb +85 -0
- data/test/test_os_windows.rb +26 -0
- data/test/test_query.rb +134 -0
- data/test/test_remove.rb +539 -0
- data/test/test_tar.rb +99 -0
- data/test/test_unpack.rb +977 -0
- data/test/test_upgrade.rb +398 -0
- data/test/test_version.rb +54 -0
- data/test/testcmds/crontab +14 -0
- data/test/testcmds/debian/apt-cache +145 -0
- data/test/testcmds/debian/dpkg-query +16 -0
- data/test/testcmds/freebsd/pkg_info +13 -0
- data/test/testcmds/macosx/port +35 -0
- data/test/testcmds/redhat/rpmbuild +6 -0
- data/test/testcmds/redhat/yum +90 -0
- data/test/testcmds/solaris/pkginfo +25 -0
- data/test/testcmds/solaris/pkgutil +36 -0
- data/test/testpkg/reloc/encfile +2 -0
- data/test/testpkg/reloc/file +2 -0
- data/test/testpkg/reloc/precryptfile +1 -0
- data/test/testpkg/reloc/precryptfile.plaintext +3 -0
- data/test/testpkg/tpkg-bad-ownergroup.xml +25 -0
- data/test/testpkg/tpkg-bad-ownergroup.yml +18 -0
- data/test/testpkg/tpkg-default-perms.xml +28 -0
- data/test/testpkg/tpkg-default-perms.yml +20 -0
- data/test/testpkg/tpkg-good-ownergroup.xml +25 -0
- data/test/testpkg/tpkg-good-ownergroup.yml +18 -0
- data/test/testpkg/tpkg-nativedeps.yml +13 -0
- data/test/testpkg/tpkg-nofiles.xml +14 -0
- data/test/testpkg/tpkg-nofiles.yml +9 -0
- data/test/testpkg/tpkg.xml +35 -0
- data/test/testpkg/tpkg.yml +25 -0
- data/test/tpkgtest.rb +300 -0
- data/tpkg.conf +16 -0
- data/tpkg.gemspec +24 -0
- data/tpkg.spec +28 -0
- data/tpkg.xml +17 -0
- data/tpkg_profile.sh +32 -0
- metadata +306 -31
@@ -0,0 +1,77 @@
|
|
1
|
+
require 'net/ssh/errors'
|
2
|
+
require 'net/ssh/transport/constants'
|
3
|
+
require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
|
4
|
+
|
5
|
+
module Net::SSH::Transport::Kex
|
6
|
+
|
7
|
+
# A key-exchange service implementing the
|
8
|
+
# "diffie-hellman-group-exchange-sha1" key-exchange algorithm.
|
9
|
+
class DiffieHellmanGroupExchangeSHA1 < DiffieHellmanGroup1SHA1
|
10
|
+
MINIMUM_BITS = 1024
|
11
|
+
MAXIMUM_BITS = 8192
|
12
|
+
|
13
|
+
KEXDH_GEX_GROUP = 31
|
14
|
+
KEXDH_GEX_INIT = 32
|
15
|
+
KEXDH_GEX_REPLY = 33
|
16
|
+
KEXDH_GEX_REQUEST = 34
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
# Compute the number of bits needed for the given number of bytes.
|
21
|
+
def compute_need_bits
|
22
|
+
need_bits = data[:need_bytes] * 8
|
23
|
+
if need_bits < MINIMUM_BITS
|
24
|
+
need_bits = MINIMUM_BITS
|
25
|
+
elsif need_bits > MAXIMUM_BITS
|
26
|
+
need_bits = MAXIMUM_BITS
|
27
|
+
end
|
28
|
+
|
29
|
+
data[:need_bits ] = need_bits
|
30
|
+
data[:need_bytes] = need_bits / 8
|
31
|
+
end
|
32
|
+
|
33
|
+
# Returns the DH key parameters for the given session.
|
34
|
+
def get_parameters
|
35
|
+
compute_need_bits
|
36
|
+
|
37
|
+
# request the DH key parameters for the given number of bits.
|
38
|
+
buffer = Net::SSH::Buffer.from(:byte, KEXDH_GEX_REQUEST, :long, MINIMUM_BITS,
|
39
|
+
:long, data[:need_bits], :long, MAXIMUM_BITS)
|
40
|
+
connection.send_message(buffer)
|
41
|
+
|
42
|
+
buffer = connection.next_message
|
43
|
+
unless buffer.type == KEXDH_GEX_GROUP
|
44
|
+
raise Net::SSH::Exception, "expected KEXDH_GEX_GROUP, got #{buffer.type}"
|
45
|
+
end
|
46
|
+
|
47
|
+
p = buffer.read_bignum
|
48
|
+
g = buffer.read_bignum
|
49
|
+
|
50
|
+
[p, g]
|
51
|
+
end
|
52
|
+
|
53
|
+
# Returns the INIT/REPLY constants used by this algorithm.
|
54
|
+
def get_message_types
|
55
|
+
[KEXDH_GEX_INIT, KEXDH_GEX_REPLY]
|
56
|
+
end
|
57
|
+
|
58
|
+
# Build the signature buffer to use when verifying a signature from
|
59
|
+
# the server.
|
60
|
+
def build_signature_buffer(result)
|
61
|
+
response = Net::SSH::Buffer.new
|
62
|
+
response.write_string data[:client_version_string],
|
63
|
+
data[:server_version_string],
|
64
|
+
data[:client_algorithm_packet],
|
65
|
+
data[:server_algorithm_packet],
|
66
|
+
result[:key_blob]
|
67
|
+
response.write_long MINIMUM_BITS,
|
68
|
+
data[:need_bits],
|
69
|
+
MAXIMUM_BITS
|
70
|
+
response.write_bignum dh.p, dh.g, dh.pub_key,
|
71
|
+
result[:server_dh_pubkey],
|
72
|
+
result[:shared_secret]
|
73
|
+
response
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
end
|
@@ -0,0 +1,127 @@
|
|
1
|
+
require 'openssl'
|
2
|
+
|
3
|
+
module OpenSSL
|
4
|
+
|
5
|
+
# This class is originally defined in the OpenSSL module. As needed, methods
|
6
|
+
# have been added to it by the Net::SSH module for convenience in dealing with
|
7
|
+
# SSH functionality.
|
8
|
+
class BN
|
9
|
+
|
10
|
+
# Converts a BN object to a string. The format used is that which is
|
11
|
+
# required by the SSH2 protocol.
|
12
|
+
def to_ssh
|
13
|
+
if zero?
|
14
|
+
return [0].pack("N")
|
15
|
+
else
|
16
|
+
buf = to_s(2)
|
17
|
+
if buf.getbyte(0)[7] == 1
|
18
|
+
return [buf.length+1, 0, buf].pack("NCA*")
|
19
|
+
else
|
20
|
+
return [buf.length, buf].pack("NA*")
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
end
|
26
|
+
|
27
|
+
module PKey
|
28
|
+
|
29
|
+
class PKey
|
30
|
+
def fingerprint
|
31
|
+
@fingerprint ||= OpenSSL::Digest::MD5.hexdigest(to_blob).scan(/../).join(":")
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
# This class is originally defined in the OpenSSL module. As needed, methods
|
36
|
+
# have been added to it by the Net::SSH module for convenience in dealing
|
37
|
+
# with SSH functionality.
|
38
|
+
class DH
|
39
|
+
|
40
|
+
# Determines whether the pub_key for this key is valid. (This algorithm
|
41
|
+
# lifted more-or-less directly from OpenSSH, dh.c, dh_pub_is_valid.)
|
42
|
+
def valid?
|
43
|
+
return false if pub_key.nil? || pub_key < 0
|
44
|
+
bits_set = 0
|
45
|
+
pub_key.num_bits.times { |i| bits_set += 1 if pub_key.bit_set?(i) }
|
46
|
+
return ( bits_set > 1 && pub_key < p )
|
47
|
+
end
|
48
|
+
|
49
|
+
end
|
50
|
+
|
51
|
+
# This class is originally defined in the OpenSSL module. As needed, methods
|
52
|
+
# have been added to it by the Net::SSH module for convenience in dealing
|
53
|
+
# with SSH functionality.
|
54
|
+
class RSA
|
55
|
+
|
56
|
+
# Returns "ssh-rsa", which is the description of this key type used by the
|
57
|
+
# SSH2 protocol.
|
58
|
+
def ssh_type
|
59
|
+
"ssh-rsa"
|
60
|
+
end
|
61
|
+
|
62
|
+
# Converts the key to a blob, according to the SSH2 protocol.
|
63
|
+
def to_blob
|
64
|
+
@blob ||= Net::SSH::Buffer.from(:string, ssh_type, :bignum, e, :bignum, n).to_s
|
65
|
+
end
|
66
|
+
|
67
|
+
# Verifies the given signature matches the given data.
|
68
|
+
def ssh_do_verify(sig, data)
|
69
|
+
verify(OpenSSL::Digest::SHA1.new, sig, data)
|
70
|
+
end
|
71
|
+
|
72
|
+
# Returns the signature for the given data.
|
73
|
+
def ssh_do_sign(data)
|
74
|
+
sign(OpenSSL::Digest::SHA1.new, data)
|
75
|
+
end
|
76
|
+
end
|
77
|
+
|
78
|
+
# This class is originally defined in the OpenSSL module. As needed, methods
|
79
|
+
# have been added to it by the Net::SSH module for convenience in dealing
|
80
|
+
# with SSH functionality.
|
81
|
+
class DSA
|
82
|
+
|
83
|
+
# Returns "ssh-dss", which is the description of this key type used by the
|
84
|
+
# SSH2 protocol.
|
85
|
+
def ssh_type
|
86
|
+
"ssh-dss"
|
87
|
+
end
|
88
|
+
|
89
|
+
# Converts the key to a blob, according to the SSH2 protocol.
|
90
|
+
def to_blob
|
91
|
+
@blob ||= Net::SSH::Buffer.from(:string, ssh_type,
|
92
|
+
:bignum, p, :bignum, q, :bignum, g, :bignum, pub_key).to_s
|
93
|
+
end
|
94
|
+
|
95
|
+
# Verifies the given signature matches the given data.
|
96
|
+
def ssh_do_verify(sig, data)
|
97
|
+
sig_r = sig[0,20].unpack("H*")[0].to_i(16)
|
98
|
+
sig_s = sig[20,20].unpack("H*")[0].to_i(16)
|
99
|
+
a1sig = OpenSSL::ASN1::Sequence([
|
100
|
+
OpenSSL::ASN1::Integer(sig_r),
|
101
|
+
OpenSSL::ASN1::Integer(sig_s)
|
102
|
+
])
|
103
|
+
return verify(OpenSSL::Digest::DSS1.new, a1sig.to_der, data)
|
104
|
+
end
|
105
|
+
|
106
|
+
# Signs the given data.
|
107
|
+
def ssh_do_sign(data)
|
108
|
+
sig = sign( OpenSSL::Digest::DSS1.new, data)
|
109
|
+
a1sig = OpenSSL::ASN1.decode( sig )
|
110
|
+
|
111
|
+
sig_r = a1sig.value[0].value.to_s(2)
|
112
|
+
sig_s = a1sig.value[1].value.to_s(2)
|
113
|
+
|
114
|
+
if sig_r.length > 20 || sig_s.length > 20
|
115
|
+
raise OpenSSL::PKey::DSAError, "bad sig size"
|
116
|
+
end
|
117
|
+
|
118
|
+
sig_r = "\0" * ( 20 - sig_r.length ) + sig_r if sig_r.length < 20
|
119
|
+
sig_s = "\0" * ( 20 - sig_s.length ) + sig_s if sig_s.length < 20
|
120
|
+
|
121
|
+
return sig_r + sig_s
|
122
|
+
end
|
123
|
+
end
|
124
|
+
|
125
|
+
end
|
126
|
+
|
127
|
+
end
|
@@ -0,0 +1,235 @@
|
|
1
|
+
require 'net/ssh/buffered_io'
|
2
|
+
require 'net/ssh/errors'
|
3
|
+
require 'net/ssh/packet'
|
4
|
+
require 'net/ssh/ruby_compat'
|
5
|
+
require 'net/ssh/transport/cipher_factory'
|
6
|
+
require 'net/ssh/transport/hmac'
|
7
|
+
require 'net/ssh/transport/state'
|
8
|
+
|
9
|
+
|
10
|
+
module Net; module SSH; module Transport
|
11
|
+
|
12
|
+
# A module that builds additional functionality onto the Net::SSH::BufferedIo
|
13
|
+
# module. It adds SSH encryption, compression, and packet validation, as
|
14
|
+
# per the SSH2 protocol. It also adds an abstraction for polling packets,
|
15
|
+
# to allow for both blocking and non-blocking reads.
|
16
|
+
module PacketStream
|
17
|
+
include BufferedIo
|
18
|
+
|
19
|
+
def self.extended(object)
|
20
|
+
object.__send__(:initialize_ssh)
|
21
|
+
end
|
22
|
+
|
23
|
+
# The map of "hints" that can be used to modify the behavior of the packet
|
24
|
+
# stream. For instance, when authentication succeeds, an "authenticated"
|
25
|
+
# hint is set, which is used to determine whether or not to compress the
|
26
|
+
# data when using the "delayed" compression algorithm.
|
27
|
+
attr_reader :hints
|
28
|
+
|
29
|
+
# The server state object, which encapsulates the algorithms used to interpret
|
30
|
+
# packets coming from the server.
|
31
|
+
attr_reader :server
|
32
|
+
|
33
|
+
# The client state object, which encapsulates the algorithms used to build
|
34
|
+
# packets to send to the server.
|
35
|
+
attr_reader :client
|
36
|
+
|
37
|
+
# The name of the client (local) end of the socket, as reported by the
|
38
|
+
# socket.
|
39
|
+
def client_name
|
40
|
+
@client_name ||= begin
|
41
|
+
sockaddr = getsockname
|
42
|
+
begin
|
43
|
+
Socket.getnameinfo(sockaddr, Socket::NI_NAMEREQD).first
|
44
|
+
rescue
|
45
|
+
begin
|
46
|
+
Socket.getnameinfo(sockaddr).first
|
47
|
+
rescue
|
48
|
+
begin
|
49
|
+
Socket.gethostbyname(Socket.gethostname).first
|
50
|
+
rescue
|
51
|
+
lwarn { "the client ipaddr/name could not be determined" }
|
52
|
+
"unknown"
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
# The IP address of the peer (remote) end of the socket, as reported by
|
60
|
+
# the socket.
|
61
|
+
def peer_ip
|
62
|
+
@peer_ip ||=
|
63
|
+
if respond_to?(:getpeername)
|
64
|
+
addr = getpeername
|
65
|
+
Socket.getnameinfo(addr, Socket::NI_NUMERICHOST | Socket::NI_NUMERICSERV).first
|
66
|
+
else
|
67
|
+
"<no hostip for proxy command>"
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
# Returns true if the IO is available for reading, and false otherwise.
|
72
|
+
def available_for_read?
|
73
|
+
result = Net::SSH::Compat.io_select([self], nil, nil, 0)
|
74
|
+
result && result.first.any?
|
75
|
+
end
|
76
|
+
|
77
|
+
# Returns the next full packet. If the mode parameter is :nonblock (the
|
78
|
+
# default), then this will return immediately, whether a packet is
|
79
|
+
# available or not, and will return nil if there is no packet ready to be
|
80
|
+
# returned. If the mode parameter is :block, then this method will block
|
81
|
+
# until a packet is available.
|
82
|
+
def next_packet(mode=:nonblock)
|
83
|
+
case mode
|
84
|
+
when :nonblock then
|
85
|
+
fill if available_for_read?
|
86
|
+
poll_next_packet
|
87
|
+
|
88
|
+
when :block then
|
89
|
+
loop do
|
90
|
+
packet = poll_next_packet
|
91
|
+
return packet if packet
|
92
|
+
|
93
|
+
loop do
|
94
|
+
result = Net::SSH::Compat.io_select([self]) or next
|
95
|
+
break if result.first.any?
|
96
|
+
end
|
97
|
+
|
98
|
+
if fill <= 0
|
99
|
+
raise Net::SSH::Disconnect, "connection closed by remote host"
|
100
|
+
end
|
101
|
+
end
|
102
|
+
|
103
|
+
else
|
104
|
+
raise ArgumentError, "expected :block or :nonblock, got #{mode.inspect}"
|
105
|
+
end
|
106
|
+
end
|
107
|
+
|
108
|
+
# Enqueues a packet to be sent, and blocks until the entire packet is
|
109
|
+
# sent.
|
110
|
+
def send_packet(payload)
|
111
|
+
enqueue_packet(payload)
|
112
|
+
wait_for_pending_sends
|
113
|
+
end
|
114
|
+
|
115
|
+
# Enqueues a packet to be sent, but does not immediately send the packet.
|
116
|
+
# The given payload is pre-processed according to the algorithms specified
|
117
|
+
# in the client state (compression, cipher, and hmac).
|
118
|
+
def enqueue_packet(payload)
|
119
|
+
# try to compress the packet
|
120
|
+
payload = client.compress(payload)
|
121
|
+
|
122
|
+
# the length of the packet, minus the padding
|
123
|
+
actual_length = 4 + payload.length + 1
|
124
|
+
|
125
|
+
# compute the padding length
|
126
|
+
padding_length = client.block_size - (actual_length % client.block_size)
|
127
|
+
padding_length += client.block_size if padding_length < 4
|
128
|
+
|
129
|
+
# compute the packet length (sans the length field itself)
|
130
|
+
packet_length = payload.length + padding_length + 1
|
131
|
+
|
132
|
+
if packet_length < 16
|
133
|
+
padding_length += client.block_size
|
134
|
+
packet_length = payload.length + padding_length + 1
|
135
|
+
end
|
136
|
+
|
137
|
+
padding = Array.new(padding_length) { rand(256) }.pack("C*")
|
138
|
+
|
139
|
+
unencrypted_data = [packet_length, padding_length, payload, padding].pack("NCA*A*")
|
140
|
+
mac = client.hmac.digest([client.sequence_number, unencrypted_data].pack("NA*"))
|
141
|
+
|
142
|
+
encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
|
143
|
+
message = encrypted_data + mac
|
144
|
+
|
145
|
+
debug { "queueing packet nr #{client.sequence_number} type #{payload.getbyte(0)} len #{packet_length}" }
|
146
|
+
enqueue(message)
|
147
|
+
|
148
|
+
client.increment(packet_length)
|
149
|
+
|
150
|
+
self
|
151
|
+
end
|
152
|
+
|
153
|
+
# Performs any pending cleanup necessary on the IO and its associated
|
154
|
+
# state objects. (See State#cleanup).
|
155
|
+
def cleanup
|
156
|
+
client.cleanup
|
157
|
+
server.cleanup
|
158
|
+
end
|
159
|
+
|
160
|
+
# If the IO object requires a rekey operation (as indicated by either its
|
161
|
+
# client or server state objects, see State#needs_rekey?), this will
|
162
|
+
# yield. Otherwise, this does nothing.
|
163
|
+
def if_needs_rekey?
|
164
|
+
if client.needs_rekey? || server.needs_rekey?
|
165
|
+
yield
|
166
|
+
client.reset! if client.needs_rekey?
|
167
|
+
server.reset! if server.needs_rekey?
|
168
|
+
end
|
169
|
+
end
|
170
|
+
|
171
|
+
protected
|
172
|
+
|
173
|
+
# Called when this module is used to extend an object. It initializes
|
174
|
+
# the states and generally prepares the object for use as a packet stream.
|
175
|
+
def initialize_ssh
|
176
|
+
@hints = {}
|
177
|
+
@server = State.new(self, :server)
|
178
|
+
@client = State.new(self, :client)
|
179
|
+
@packet = nil
|
180
|
+
initialize_buffered_io
|
181
|
+
end
|
182
|
+
|
183
|
+
# Tries to read the next packet. If there is insufficient data to read
|
184
|
+
# an entire packet, this returns immediately, otherwise the packet is
|
185
|
+
# read, post-processed according to the cipher, hmac, and compression
|
186
|
+
# algorithms specified in the server state object, and returned as a
|
187
|
+
# new Packet object.
|
188
|
+
def poll_next_packet
|
189
|
+
if @packet.nil?
|
190
|
+
minimum = server.block_size < 4 ? 4 : server.block_size
|
191
|
+
return nil if available < minimum
|
192
|
+
data = read_available(minimum)
|
193
|
+
|
194
|
+
# decipher it
|
195
|
+
@packet = Net::SSH::Buffer.new(server.update_cipher(data))
|
196
|
+
@packet_length = @packet.read_long
|
197
|
+
end
|
198
|
+
|
199
|
+
need = @packet_length + 4 - server.block_size
|
200
|
+
raise Net::SSH::Exception, "padding error, need #{need} block #{server.block_size}" if need % server.block_size != 0
|
201
|
+
|
202
|
+
return nil if available < need + server.hmac.mac_length
|
203
|
+
|
204
|
+
if need > 0
|
205
|
+
# read the remainder of the packet and decrypt it.
|
206
|
+
data = read_available(need)
|
207
|
+
@packet.append(server.update_cipher(data))
|
208
|
+
end
|
209
|
+
|
210
|
+
# get the hmac from the tail of the packet (if one exists), and
|
211
|
+
# then validate it.
|
212
|
+
real_hmac = read_available(server.hmac.mac_length) || ""
|
213
|
+
|
214
|
+
@packet.append(server.final_cipher)
|
215
|
+
padding_length = @packet.read_byte
|
216
|
+
|
217
|
+
payload = @packet.read(@packet_length - padding_length - 1)
|
218
|
+
padding = @packet.read(padding_length) if padding_length > 0
|
219
|
+
|
220
|
+
my_computed_hmac = server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
|
221
|
+
raise Net::SSH::Exception, "corrupted mac detected" if real_hmac != my_computed_hmac
|
222
|
+
|
223
|
+
# try to decompress the payload, in case compression is active
|
224
|
+
payload = server.decompress(payload)
|
225
|
+
|
226
|
+
debug { "received packet nr #{server.sequence_number} type #{payload.getbyte(0)} len #{@packet_length}" }
|
227
|
+
|
228
|
+
server.increment(@packet_length)
|
229
|
+
@packet = nil
|
230
|
+
|
231
|
+
return Packet.new(payload)
|
232
|
+
end
|
233
|
+
end
|
234
|
+
|
235
|
+
end; end; end
|
@@ -0,0 +1,71 @@
|
|
1
|
+
require 'net/ssh/errors'
|
2
|
+
require 'net/ssh/loggable'
|
3
|
+
require 'net/ssh/version'
|
4
|
+
|
5
|
+
module Net; module SSH; module Transport
|
6
|
+
|
7
|
+
# Negotiates the SSH protocol version and trades information about server
|
8
|
+
# and client. This is never used directly--it is always called by the
|
9
|
+
# transport layer as part of the initialization process of the transport
|
10
|
+
# layer.
|
11
|
+
#
|
12
|
+
# Note that this class also encapsulates the negotiated version, and acts as
|
13
|
+
# the authoritative reference for any queries regarding the version in effect.
|
14
|
+
class ServerVersion
|
15
|
+
include Loggable
|
16
|
+
|
17
|
+
# The SSH version string as reported by Net::SSH
|
18
|
+
PROTO_VERSION = "SSH-2.0-Ruby/Net::SSH_#{Net::SSH::Version::CURRENT} #{RUBY_PLATFORM}"
|
19
|
+
|
20
|
+
# Any header text sent by the server prior to sending the version.
|
21
|
+
attr_reader :header
|
22
|
+
|
23
|
+
# The version string reported by the server.
|
24
|
+
attr_reader :version
|
25
|
+
|
26
|
+
# Instantiates a new ServerVersion and immediately (and synchronously)
|
27
|
+
# negotiates the SSH protocol in effect, using the given socket.
|
28
|
+
def initialize(socket, logger)
|
29
|
+
@header = ""
|
30
|
+
@version = nil
|
31
|
+
@logger = logger
|
32
|
+
negotiate!(socket)
|
33
|
+
end
|
34
|
+
|
35
|
+
private
|
36
|
+
|
37
|
+
# Negotiates the SSH protocol to use, via the given socket. If the server
|
38
|
+
# reports an incompatible SSH version (e.g., SSH1), this will raise an
|
39
|
+
# exception.
|
40
|
+
def negotiate!(socket)
|
41
|
+
info { "negotiating protocol version" }
|
42
|
+
|
43
|
+
loop do
|
44
|
+
@version = ""
|
45
|
+
loop do
|
46
|
+
begin
|
47
|
+
b = socket.readpartial(1)
|
48
|
+
raise Net::SSH::Disconnect, "connection closed by remote host" if b.nil?
|
49
|
+
rescue EOFError => e
|
50
|
+
raise Net::SSH::Disconnect, "connection closed by remote host"
|
51
|
+
end
|
52
|
+
@version << b
|
53
|
+
break if b == "\n"
|
54
|
+
end
|
55
|
+
break if @version.match(/^SSH-/)
|
56
|
+
@header << @version
|
57
|
+
end
|
58
|
+
|
59
|
+
@version.chomp!
|
60
|
+
debug { "remote is `#{@version}'" }
|
61
|
+
|
62
|
+
unless @version.match(/^SSH-(1\.99|2\.0)-/)
|
63
|
+
raise Net::SSH::Exception, "incompatible SSH version `#{@version}'"
|
64
|
+
end
|
65
|
+
|
66
|
+
debug { "local is `#{PROTO_VERSION}'" }
|
67
|
+
socket.write "#{PROTO_VERSION}\r\n"
|
68
|
+
socket.flush
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end; end; end
|