tpkg 2.3.3 → 2.3.4

Files changed (205) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +1 -0
  3. data/Gemfile +4 -0
  4. data/LICENSE +20 -0
  5. data/Portfile +39 -0
  6. data/Portfile.template +39 -0
  7. data/README.md +43 -0
  8. data/Rakefile +468 -18
  9. data/bin/gem2tpkg +2 -2
  10. data/bin/tpkg +18 -13
  11. data/bin/tpkg_uploader +132 -0
  12. data/ca.pem +1 -0
  13. data/control +7 -0
  14. data/depend +3 -0
  15. data/externals-etch/authorized_keys +40 -0
  16. data/externals-etch/group +9 -0
  17. data/externals-etch/iptables +38 -0
  18. data/externals-etch/limits +30 -0
  19. data/externals-etch/nfs +30 -0
  20. data/externals-etch/sudo +30 -0
  21. data/externals-etch/supplemental_groups +8 -0
  22. data/externals-etch/sysctl +30 -0
  23. data/externals-etch/user +41 -0
  24. data/externals/group +39 -0
  25. data/externals/supplemental_groups +48 -0
  26. data/externals/user +39 -0
  27. data/lib/tpkg.rb +260 -991
  28. data/lib/tpkg/os.rb +164 -0
  29. data/lib/tpkg/os/debian.rb +159 -0
  30. data/lib/tpkg/os/freebsd.rb +113 -0
  31. data/lib/tpkg/os/macosx.rb +113 -0
  32. data/lib/tpkg/os/redhat.rb +173 -0
  33. data/lib/tpkg/os/solaris.rb +101 -0
  34. data/lib/tpkg/os/windows.rb +26 -0
  35. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify.rb +67 -0
  36. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/errors.rb +127 -0
  37. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/kwalify.schema.yaml +58 -0
  38. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/main.rb +442 -0
  39. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/messages.rb +173 -0
  40. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/meta-validator.rb +275 -0
  41. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/parser/base.rb +127 -0
  42. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/parser/yaml.rb +841 -0
  43. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/rule.rb +559 -0
  44. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/templates/genclass-java.eruby +222 -0
  45. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/templates/genclass-php.eruby +104 -0
  46. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/templates/genclass-ruby.eruby +113 -0
  47. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/types.rb +156 -0
  48. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util.rb +158 -0
  49. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util/assert-text-equal.rb +46 -0
  50. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util/hash-interface.rb +18 -0
  51. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util/hashlike.rb +51 -0
  52. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util/option-parser.rb +220 -0
  53. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util/ordered-hash.rb +57 -0
  54. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/util/testcase-helper.rb +112 -0
  55. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/validator.rb +282 -0
  56. data/lib/tpkg/thirdparty/kwalify-0.7.2/lib/kwalify/yaml-parser.rb +870 -0
  57. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh.rb +219 -0
  58. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/agent.rb +179 -0
  59. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/constants.rb +18 -0
  60. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/key_manager.rb +219 -0
  61. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/methods/abstract.rb +60 -0
  62. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/methods/hostbased.rb +71 -0
  63. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/methods/keyboard_interactive.rb +66 -0
  64. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/methods/password.rb +39 -0
  65. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/methods/publickey.rb +92 -0
  66. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/pageant.rb +183 -0
  67. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/authentication/session.rb +134 -0
  68. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/buffer.rb +340 -0
  69. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/buffered_io.rb +198 -0
  70. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/config.rb +205 -0
  71. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/connection/channel.rb +630 -0
  72. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/connection/constants.rb +33 -0
  73. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/connection/session.rb +597 -0
  74. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/connection/term.rb +178 -0
  75. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/errors.rb +85 -0
  76. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/key_factory.rb +102 -0
  77. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/known_hosts.rb +129 -0
  78. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/loggable.rb +61 -0
  79. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/packet.rb +102 -0
  80. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/prompt.rb +93 -0
  81. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/proxy/command.rb +75 -0
  82. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/proxy/errors.rb +14 -0
  83. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/proxy/http.rb +94 -0
  84. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/proxy/socks4.rb +70 -0
  85. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/proxy/socks5.rb +142 -0
  86. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/ruby_compat.rb +43 -0
  87. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/service/forward.rb +288 -0
  88. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test.rb +89 -0
  89. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/channel.rb +129 -0
  90. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/extensions.rb +152 -0
  91. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/kex.rb +44 -0
  92. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/local_packet.rb +51 -0
  93. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/packet.rb +81 -0
  94. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/remote_packet.rb +38 -0
  95. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/script.rb +157 -0
  96. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/test/socket.rb +64 -0
  97. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/algorithms.rb +384 -0
  98. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/cipher_factory.rb +97 -0
  99. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/constants.rb +30 -0
  100. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac.rb +31 -0
  101. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac/abstract.rb +79 -0
  102. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac/md5.rb +12 -0
  103. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac/md5_96.rb +11 -0
  104. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac/none.rb +15 -0
  105. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac/sha1.rb +13 -0
  106. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/hmac/sha1_96.rb +11 -0
  107. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/identity_cipher.rb +55 -0
  108. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/kex.rb +13 -0
  109. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/kex/diffie_hellman_group1_sha1.rb +208 -0
  110. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/kex/diffie_hellman_group_exchange_sha1.rb +77 -0
  111. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/openssl.rb +127 -0
  112. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/packet_stream.rb +235 -0
  113. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/server_version.rb +71 -0
  114. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/session.rb +276 -0
  115. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/transport/state.rb +206 -0
  116. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/verifiers/lenient.rb +30 -0
  117. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/verifiers/null.rb +12 -0
  118. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/verifiers/strict.rb +53 -0
  119. data/lib/tpkg/thirdparty/net-ssh-2.1.0/lib/net/ssh/version.rb +62 -0
  120. data/lib/tpkg/version.rb +3 -0
  121. data/man/man1/cpan2tpkg.1 +82 -0
  122. data/man/man1/gem2tpkg.1 +120 -0
  123. data/man/man1/tpkg.1 +411 -0
  124. data/pkginfo +8 -0
  125. data/postinstall.solaris +11 -0
  126. data/postremove.solaris +16 -0
  127. data/schema/schema-1.0.5.yml +0 -0
  128. data/schema/schema-1.0.6.yml +0 -0
  129. data/schema/schema-1.0.7.yml +0 -0
  130. data/schema/schema-1.0.8.yml +0 -0
  131. data/schema/schema-1.0.9.yml +0 -0
  132. data/schema/schema.yml +0 -0
  133. data/schema/tpkg-1.0.0.dtd +0 -0
  134. data/schema/tpkg-1.0.1.dtd +0 -0
  135. data/schema/tpkg-1.0.2.dtd +0 -0
  136. data/schema/tpkg-1.0.3.dtd +0 -0
  137. data/schema/tpkg-1.0.4.dtd +0 -0
  138. data/schema/tpkg-1.0.5.dtd +0 -0
  139. data/schema/tpkg-1.0.6.dtd +0 -0
  140. data/schema/tpkg-1.0.7.dtd +0 -0
  141. data/schema/tpkg-1.0.8.dtd +0 -0
  142. data/schema/tpkg-1.0.9.dtd +0 -0
  143. data/schema/tpkg.dtd +0 -0
  144. data/test/TODO +30 -0
  145. data/test/premadetestpkg/pkg_without_file_metadata-1.0-1.tpkg +0 -0
  146. data/test/test_checksum.rb +53 -0
  147. data/test/test_compress.rb +55 -0
  148. data/test/test_conflict.rb +41 -0
  149. data/test/test_crontabs.rb +398 -0
  150. data/test/test_dependency.rb +1113 -0
  151. data/test/test_downgrade.rb +80 -0
  152. data/test/test_download.rb +95 -0
  153. data/test/test_encrypt.rb +136 -0
  154. data/test/test_filemetadata.rb +131 -0
  155. data/test/test_initscript.rb +93 -0
  156. data/test/test_install.rb +186 -0
  157. data/test/test_lock.rb +82 -0
  158. data/test/test_make.rb +410 -0
  159. data/test/test_metadata.rb +805 -0
  160. data/test/test_misc.rb +379 -0
  161. data/test/test_options.rb +1711 -0
  162. data/test/test_os.rb +193 -0
  163. data/test/test_os_debian.rb +99 -0
  164. data/test/test_os_freebsd.rb +89 -0
  165. data/test/test_os_macosx.rb +79 -0
  166. data/test/test_os_redhat.rb +124 -0
  167. data/test/test_os_solaris.rb +85 -0
  168. data/test/test_os_windows.rb +26 -0
  169. data/test/test_query.rb +134 -0
  170. data/test/test_remove.rb +539 -0
  171. data/test/test_tar.rb +99 -0
  172. data/test/test_unpack.rb +977 -0
  173. data/test/test_upgrade.rb +398 -0
  174. data/test/test_version.rb +54 -0
  175. data/test/testcmds/crontab +14 -0
  176. data/test/testcmds/debian/apt-cache +145 -0
  177. data/test/testcmds/debian/dpkg-query +16 -0
  178. data/test/testcmds/freebsd/pkg_info +13 -0
  179. data/test/testcmds/macosx/port +35 -0
  180. data/test/testcmds/redhat/rpmbuild +6 -0
  181. data/test/testcmds/redhat/yum +90 -0
  182. data/test/testcmds/solaris/pkginfo +25 -0
  183. data/test/testcmds/solaris/pkgutil +36 -0
  184. data/test/testpkg/reloc/encfile +2 -0
  185. data/test/testpkg/reloc/file +2 -0
  186. data/test/testpkg/reloc/precryptfile +1 -0
  187. data/test/testpkg/reloc/precryptfile.plaintext +3 -0
  188. data/test/testpkg/tpkg-bad-ownergroup.xml +25 -0
  189. data/test/testpkg/tpkg-bad-ownergroup.yml +18 -0
  190. data/test/testpkg/tpkg-default-perms.xml +28 -0
  191. data/test/testpkg/tpkg-default-perms.yml +20 -0
  192. data/test/testpkg/tpkg-good-ownergroup.xml +25 -0
  193. data/test/testpkg/tpkg-good-ownergroup.yml +18 -0
  194. data/test/testpkg/tpkg-nativedeps.yml +13 -0
  195. data/test/testpkg/tpkg-nofiles.xml +14 -0
  196. data/test/testpkg/tpkg-nofiles.yml +9 -0
  197. data/test/testpkg/tpkg.xml +35 -0
  198. data/test/testpkg/tpkg.yml +25 -0
  199. data/test/tpkgtest.rb +300 -0
  200. data/tpkg.conf +16 -0
  201. data/tpkg.gemspec +24 -0
  202. data/tpkg.spec +28 -0
  203. data/tpkg.xml +17 -0
  204. data/tpkg_profile.sh +32 -0
  205. metadata +306 -31
@@ -0,0 +1,77 @@
1
+ require 'net/ssh/errors'
2
+ require 'net/ssh/transport/constants'
3
+ require 'net/ssh/transport/kex/diffie_hellman_group1_sha1'
4
+
5
+ module Net::SSH::Transport::Kex
6
+
7
+ # A key-exchange service implementing the
8
+ # "diffie-hellman-group-exchange-sha1" key-exchange algorithm.
9
+ class DiffieHellmanGroupExchangeSHA1 < DiffieHellmanGroup1SHA1
10
+ MINIMUM_BITS = 1024
11
+ MAXIMUM_BITS = 8192
12
+
13
+ KEXDH_GEX_GROUP = 31
14
+ KEXDH_GEX_INIT = 32
15
+ KEXDH_GEX_REPLY = 33
16
+ KEXDH_GEX_REQUEST = 34
17
+
18
+ private
19
+
20
+ # Compute the number of bits needed for the given number of bytes.
21
+ def compute_need_bits
22
+ need_bits = data[:need_bytes] * 8
23
+ if need_bits < MINIMUM_BITS
24
+ need_bits = MINIMUM_BITS
25
+ elsif need_bits > MAXIMUM_BITS
26
+ need_bits = MAXIMUM_BITS
27
+ end
28
+
29
+ data[:need_bits ] = need_bits
30
+ data[:need_bytes] = need_bits / 8
31
+ end
32
+
33
+ # Returns the DH key parameters for the given session.
34
+ def get_parameters
35
+ compute_need_bits
36
+
37
+ # request the DH key parameters for the given number of bits.
38
+ buffer = Net::SSH::Buffer.from(:byte, KEXDH_GEX_REQUEST, :long, MINIMUM_BITS,
39
+ :long, data[:need_bits], :long, MAXIMUM_BITS)
40
+ connection.send_message(buffer)
41
+
42
+ buffer = connection.next_message
43
+ unless buffer.type == KEXDH_GEX_GROUP
44
+ raise Net::SSH::Exception, "expected KEXDH_GEX_GROUP, got #{buffer.type}"
45
+ end
46
+
47
+ p = buffer.read_bignum
48
+ g = buffer.read_bignum
49
+
50
+ [p, g]
51
+ end
52
+
53
+ # Returns the INIT/REPLY constants used by this algorithm.
54
+ def get_message_types
55
+ [KEXDH_GEX_INIT, KEXDH_GEX_REPLY]
56
+ end
57
+
58
+ # Build the signature buffer to use when verifying a signature from
59
+ # the server.
60
+ def build_signature_buffer(result)
61
+ response = Net::SSH::Buffer.new
62
+ response.write_string data[:client_version_string],
63
+ data[:server_version_string],
64
+ data[:client_algorithm_packet],
65
+ data[:server_algorithm_packet],
66
+ result[:key_blob]
67
+ response.write_long MINIMUM_BITS,
68
+ data[:need_bits],
69
+ MAXIMUM_BITS
70
+ response.write_bignum dh.p, dh.g, dh.pub_key,
71
+ result[:server_dh_pubkey],
72
+ result[:shared_secret]
73
+ response
74
+ end
75
+ end
76
+
77
+ end
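Review bot: `get_parameters` returns the `p` and `g` read from the KEXDH_GEX_GROUP reply without checking them against the size range it just requested, so a server can answer with a modulus below MINIMUM_BITS (or above MAXIMUM_BITS) and the exchange continues on that group. A check right after the two `read_bignum` calls would close this, e.g. `raise Net::SSH::Exception, "DH modulus size #{p.num_bits} out of range" unless p.num_bits.between?(MINIMUM_BITS, MAXIMUM_BITS)`. Whether the parent class DiffieHellmanGroup1SHA1 validates the group later is not visible in this section, so confirm there before relying on it. Separately, a 1024-bit floor combined with SHA-1 is weak by current standards and deserves a comment on `MINIMUM_BITS`. The file list suggests this is a bundled copy of net-ssh 2.1.0, so any change is better tracked against the upstream library than patched only here.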
@@ -0,0 +1,127 @@
1
+ require 'openssl'
2
+
3
+ module OpenSSL
4
+
5
+ # This class is originally defined in the OpenSSL module. As needed, methods
6
+ # have been added to it by the Net::SSH module for convenience in dealing with
7
+ # SSH functionality.
8
+ class BN
9
+
10
+ # Converts a BN object to a string. The format used is that which is
11
+ # required by the SSH2 protocol.
12
+ def to_ssh
13
+ if zero?
14
+ return [0].pack("N")
15
+ else
16
+ buf = to_s(2)
17
+ if buf.getbyte(0)[7] == 1
18
+ return [buf.length+1, 0, buf].pack("NCA*")
19
+ else
20
+ return [buf.length, buf].pack("NA*")
21
+ end
22
+ end
23
+ end
24
+
25
+ end
26
+
27
+ module PKey
28
+
29
+ class PKey
30
+ def fingerprint
31
+ @fingerprint ||= OpenSSL::Digest::MD5.hexdigest(to_blob).scan(/../).join(":")
32
+ end
33
+ end
34
+
35
+ # This class is originally defined in the OpenSSL module. As needed, methods
36
+ # have been added to it by the Net::SSH module for convenience in dealing
37
+ # with SSH functionality.
38
+ class DH
39
+
40
+ # Determines whether the pub_key for this key is valid. (This algorithm
41
+ # lifted more-or-less directly from OpenSSH, dh.c, dh_pub_is_valid.)
42
+ def valid?
43
+ return false if pub_key.nil? || pub_key < 0
44
+ bits_set = 0
45
+ pub_key.num_bits.times { |i| bits_set += 1 if pub_key.bit_set?(i) }
46
+ return ( bits_set > 1 && pub_key < p )
47
+ end
48
+
49
+ end
50
+
51
+ # This class is originally defined in the OpenSSL module. As needed, methods
52
+ # have been added to it by the Net::SSH module for convenience in dealing
53
+ # with SSH functionality.
54
+ class RSA
55
+
56
+ # Returns "ssh-rsa", which is the description of this key type used by the
57
+ # SSH2 protocol.
58
+ def ssh_type
59
+ "ssh-rsa"
60
+ end
61
+
62
+ # Converts the key to a blob, according to the SSH2 protocol.
63
+ def to_blob
64
+ @blob ||= Net::SSH::Buffer.from(:string, ssh_type, :bignum, e, :bignum, n).to_s
65
+ end
66
+
67
+ # Verifies the given signature matches the given data.
68
+ def ssh_do_verify(sig, data)
69
+ verify(OpenSSL::Digest::SHA1.new, sig, data)
70
+ end
71
+
72
+ # Returns the signature for the given data.
73
+ def ssh_do_sign(data)
74
+ sign(OpenSSL::Digest::SHA1.new, data)
75
+ end
76
+ end
77
+
78
+ # This class is originally defined in the OpenSSL module. As needed, methods
79
+ # have been added to it by the Net::SSH module for convenience in dealing
80
+ # with SSH functionality.
81
+ class DSA
82
+
83
+ # Returns "ssh-dss", which is the description of this key type used by the
84
+ # SSH2 protocol.
85
+ def ssh_type
86
+ "ssh-dss"
87
+ end
88
+
89
+ # Converts the key to a blob, according to the SSH2 protocol.
90
+ def to_blob
91
+ @blob ||= Net::SSH::Buffer.from(:string, ssh_type,
92
+ :bignum, p, :bignum, q, :bignum, g, :bignum, pub_key).to_s
93
+ end
94
+
95
+ # Verifies the given signature matches the given data.
96
+ def ssh_do_verify(sig, data)
97
+ sig_r = sig[0,20].unpack("H*")[0].to_i(16)
98
+ sig_s = sig[20,20].unpack("H*")[0].to_i(16)
99
+ a1sig = OpenSSL::ASN1::Sequence([
100
+ OpenSSL::ASN1::Integer(sig_r),
101
+ OpenSSL::ASN1::Integer(sig_s)
102
+ ])
103
+ return verify(OpenSSL::Digest::DSS1.new, a1sig.to_der, data)
104
+ end
105
+
106
+ # Signs the given data.
107
+ def ssh_do_sign(data)
108
+ sig = sign( OpenSSL::Digest::DSS1.new, data)
109
+ a1sig = OpenSSL::ASN1.decode( sig )
110
+
111
+ sig_r = a1sig.value[0].value.to_s(2)
112
+ sig_s = a1sig.value[1].value.to_s(2)
113
+
114
+ if sig_r.length > 20 || sig_s.length > 20
115
+ raise OpenSSL::PKey::DSAError, "bad sig size"
116
+ end
117
+
118
+ sig_r = "\0" * ( 20 - sig_r.length ) + sig_r if sig_r.length < 20
119
+ sig_s = "\0" * ( 20 - sig_s.length ) + sig_s if sig_s.length < 20
120
+
121
+ return sig_r + sig_s
122
+ end
123
+ end
124
+
125
+ end
126
+
127
+ end
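Review bot: `DSA#ssh_do_verify` slices `sig[0,20]` and `sig[20,20]` without checking that `sig` is exactly 40 bytes. A signature shorter than 20 bytes raises NoMethodError on `nil.unpack` rather than failing verification, one between 20 and 39 bytes is parsed with a truncated `s`, and trailing bytes on a longer one are silently ignored. Reject other lengths up front with `return false unless sig.length == 40`. `PKey#fingerprint` is an MD5 digest of the key blob; a comment such as `# MD5 fingerprint, for display only; compare full key blobs when making trust decisions` would keep callers from treating it as a strong identifier.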
@@ -0,0 +1,235 @@
1
+ require 'net/ssh/buffered_io'
2
+ require 'net/ssh/errors'
3
+ require 'net/ssh/packet'
4
+ require 'net/ssh/ruby_compat'
5
+ require 'net/ssh/transport/cipher_factory'
6
+ require 'net/ssh/transport/hmac'
7
+ require 'net/ssh/transport/state'
8
+
9
+
10
+ module Net; module SSH; module Transport
11
+
12
+ # A module that builds additional functionality onto the Net::SSH::BufferedIo
13
+ # module. It adds SSH encryption, compression, and packet validation, as
14
+ # per the SSH2 protocol. It also adds an abstraction for polling packets,
15
+ # to allow for both blocking and non-blocking reads.
16
+ module PacketStream
17
+ include BufferedIo
18
+
19
+ def self.extended(object)
20
+ object.__send__(:initialize_ssh)
21
+ end
22
+
23
+ # The map of "hints" that can be used to modify the behavior of the packet
24
+ # stream. For instance, when authentication succeeds, an "authenticated"
25
+ # hint is set, which is used to determine whether or not to compress the
26
+ # data when using the "delayed" compression algorithm.
27
+ attr_reader :hints
28
+
29
+ # The server state object, which encapsulates the algorithms used to interpret
30
+ # packets coming from the server.
31
+ attr_reader :server
32
+
33
+ # The client state object, which encapsulates the algorithms used to build
34
+ # packets to send to the server.
35
+ attr_reader :client
36
+
37
+ # The name of the client (local) end of the socket, as reported by the
38
+ # socket.
39
+ def client_name
40
+ @client_name ||= begin
41
+ sockaddr = getsockname
42
+ begin
43
+ Socket.getnameinfo(sockaddr, Socket::NI_NAMEREQD).first
44
+ rescue
45
+ begin
46
+ Socket.getnameinfo(sockaddr).first
47
+ rescue
48
+ begin
49
+ Socket.gethostbyname(Socket.gethostname).first
50
+ rescue
51
+ lwarn { "the client ipaddr/name could not be determined" }
52
+ "unknown"
53
+ end
54
+ end
55
+ end
56
+ end
57
+ end
58
+
59
+ # The IP address of the peer (remote) end of the socket, as reported by
60
+ # the socket.
61
+ def peer_ip
62
+ @peer_ip ||=
63
+ if respond_to?(:getpeername)
64
+ addr = getpeername
65
+ Socket.getnameinfo(addr, Socket::NI_NUMERICHOST | Socket::NI_NUMERICSERV).first
66
+ else
67
+ "<no hostip for proxy command>"
68
+ end
69
+ end
70
+
71
+ # Returns true if the IO is available for reading, and false otherwise.
72
+ def available_for_read?
73
+ result = Net::SSH::Compat.io_select([self], nil, nil, 0)
74
+ result && result.first.any?
75
+ end
76
+
77
+ # Returns the next full packet. If the mode parameter is :nonblock (the
78
+ # default), then this will return immediately, whether a packet is
79
+ # available or not, and will return nil if there is no packet ready to be
80
+ # returned. If the mode parameter is :block, then this method will block
81
+ # until a packet is available.
82
+ def next_packet(mode=:nonblock)
83
+ case mode
84
+ when :nonblock then
85
+ fill if available_for_read?
86
+ poll_next_packet
87
+
88
+ when :block then
89
+ loop do
90
+ packet = poll_next_packet
91
+ return packet if packet
92
+
93
+ loop do
94
+ result = Net::SSH::Compat.io_select([self]) or next
95
+ break if result.first.any?
96
+ end
97
+
98
+ if fill <= 0
99
+ raise Net::SSH::Disconnect, "connection closed by remote host"
100
+ end
101
+ end
102
+
103
+ else
104
+ raise ArgumentError, "expected :block or :nonblock, got #{mode.inspect}"
105
+ end
106
+ end
107
+
108
+ # Enqueues a packet to be sent, and blocks until the entire packet is
109
+ # sent.
110
+ def send_packet(payload)
111
+ enqueue_packet(payload)
112
+ wait_for_pending_sends
113
+ end
114
+
115
+ # Enqueues a packet to be sent, but does not immediately send the packet.
116
+ # The given payload is pre-processed according to the algorithms specified
117
+ # in the client state (compression, cipher, and hmac).
118
+ def enqueue_packet(payload)
119
+ # try to compress the packet
120
+ payload = client.compress(payload)
121
+
122
+ # the length of the packet, minus the padding
123
+ actual_length = 4 + payload.length + 1
124
+
125
+ # compute the padding length
126
+ padding_length = client.block_size - (actual_length % client.block_size)
127
+ padding_length += client.block_size if padding_length < 4
128
+
129
+ # compute the packet length (sans the length field itself)
130
+ packet_length = payload.length + padding_length + 1
131
+
132
+ if packet_length < 16
133
+ padding_length += client.block_size
134
+ packet_length = payload.length + padding_length + 1
135
+ end
136
+
137
+ padding = Array.new(padding_length) { rand(256) }.pack("C*")
138
+
139
+ unencrypted_data = [packet_length, padding_length, payload, padding].pack("NCA*A*")
140
+ mac = client.hmac.digest([client.sequence_number, unencrypted_data].pack("NA*"))
141
+
142
+ encrypted_data = client.update_cipher(unencrypted_data) << client.final_cipher
143
+ message = encrypted_data + mac
144
+
145
+ debug { "queueing packet nr #{client.sequence_number} type #{payload.getbyte(0)} len #{packet_length}" }
146
+ enqueue(message)
147
+
148
+ client.increment(packet_length)
149
+
150
+ self
151
+ end
152
+
153
+ # Performs any pending cleanup necessary on the IO and its associated
154
+ # state objects. (See State#cleanup).
155
+ def cleanup
156
+ client.cleanup
157
+ server.cleanup
158
+ end
159
+
160
+ # If the IO object requires a rekey operation (as indicated by either its
161
+ # client or server state objects, see State#needs_rekey?), this will
162
+ # yield. Otherwise, this does nothing.
163
+ def if_needs_rekey?
164
+ if client.needs_rekey? || server.needs_rekey?
165
+ yield
166
+ client.reset! if client.needs_rekey?
167
+ server.reset! if server.needs_rekey?
168
+ end
169
+ end
170
+
171
+ protected
172
+
173
+ # Called when this module is used to extend an object. It initializes
174
+ # the states and generally prepares the object for use as a packet stream.
175
+ def initialize_ssh
176
+ @hints = {}
177
+ @server = State.new(self, :server)
178
+ @client = State.new(self, :client)
179
+ @packet = nil
180
+ initialize_buffered_io
181
+ end
182
+
183
+ # Tries to read the next packet. If there is insufficient data to read
184
+ # an entire packet, this returns immediately, otherwise the packet is
185
+ # read, post-processed according to the cipher, hmac, and compression
186
+ # algorithms specified in the server state object, and returned as a
187
+ # new Packet object.
188
+ def poll_next_packet
189
+ if @packet.nil?
190
+ minimum = server.block_size < 4 ? 4 : server.block_size
191
+ return nil if available < minimum
192
+ data = read_available(minimum)
193
+
194
+ # decipher it
195
+ @packet = Net::SSH::Buffer.new(server.update_cipher(data))
196
+ @packet_length = @packet.read_long
197
+ end
198
+
199
+ need = @packet_length + 4 - server.block_size
200
+ raise Net::SSH::Exception, "padding error, need #{need} block #{server.block_size}" if need % server.block_size != 0
201
+
202
+ return nil if available < need + server.hmac.mac_length
203
+
204
+ if need > 0
205
+ # read the remainder of the packet and decrypt it.
206
+ data = read_available(need)
207
+ @packet.append(server.update_cipher(data))
208
+ end
209
+
210
+ # get the hmac from the tail of the packet (if one exists), and
211
+ # then validate it.
212
+ real_hmac = read_available(server.hmac.mac_length) || ""
213
+
214
+ @packet.append(server.final_cipher)
215
+ padding_length = @packet.read_byte
216
+
217
+ payload = @packet.read(@packet_length - padding_length - 1)
218
+ padding = @packet.read(padding_length) if padding_length > 0
219
+
220
+ my_computed_hmac = server.hmac.digest([server.sequence_number, @packet.content].pack("NA*"))
221
+ raise Net::SSH::Exception, "corrupted mac detected" if real_hmac != my_computed_hmac
222
+
223
+ # try to decompress the payload, in case compression is active
224
+ payload = server.decompress(payload)
225
+
226
+ debug { "received packet nr #{server.sequence_number} type #{payload.getbyte(0)} len #{@packet_length}" }
227
+
228
+ server.increment(@packet_length)
229
+ @packet = nil
230
+
231
+ return Packet.new(payload)
232
+ end
233
+ end
234
+
235
+ end; end; end
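Review bot: In `poll_next_packet`, `@packet_length` is taken from the first decrypted block and used to size the next read before the MAC has been checked, with no lower or upper bound. A corrupt or hostile peer can therefore make the stream wait for and buffer whatever 32-bit length it sent, or drive `@packet_length - padding_length - 1` negative. A sanity check immediately after `read_long` would bound this, e.g. `raise Net::SSH::Exception, "invalid packet length #{@packet_length}" if @packet_length < 5 || @packet_length > MAX_PACKET_LENGTH` (`MAX_PACKET_LENGTH` being a new constant this module would have to define). The MAC check `real_hmac != my_computed_hmac` is an ordinary string comparison; a constant-time compare is preferable for MAC verification. In `enqueue_packet` the padding is drawn from `rand(256)`; `OpenSSL::Random.random_bytes(padding_length)` would take it from the CSPRNG instead, assuming openssl is already loaded at this point.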
@@ -0,0 +1,71 @@
1
+ require 'net/ssh/errors'
2
+ require 'net/ssh/loggable'
3
+ require 'net/ssh/version'
4
+
5
+ module Net; module SSH; module Transport
6
+
7
+ # Negotiates the SSH protocol version and trades information about server
8
+ # and client. This is never used directly--it is always called by the
9
+ # transport layer as part of the initialization process of the transport
10
+ # layer.
11
+ #
12
+ # Note that this class also encapsulates the negotiated version, and acts as
13
+ # the authoritative reference for any queries regarding the version in effect.
14
+ class ServerVersion
15
+ include Loggable
16
+
17
+ # The SSH version string as reported by Net::SSH
18
+ PROTO_VERSION = "SSH-2.0-Ruby/Net::SSH_#{Net::SSH::Version::CURRENT} #{RUBY_PLATFORM}"
19
+
20
+ # Any header text sent by the server prior to sending the version.
21
+ attr_reader :header
22
+
23
+ # The version string reported by the server.
24
+ attr_reader :version
25
+
26
+ # Instantiates a new ServerVersion and immediately (and synchronously)
27
+ # negotiates the SSH protocol in effect, using the given socket.
28
+ def initialize(socket, logger)
29
+ @header = ""
30
+ @version = nil
31
+ @logger = logger
32
+ negotiate!(socket)
33
+ end
34
+
35
+ private
36
+
37
+ # Negotiates the SSH protocol to use, via the given socket. If the server
38
+ # reports an incompatible SSH version (e.g., SSH1), this will raise an
39
+ # exception.
40
+ def negotiate!(socket)
41
+ info { "negotiating protocol version" }
42
+
43
+ loop do
44
+ @version = ""
45
+ loop do
46
+ begin
47
+ b = socket.readpartial(1)
48
+ raise Net::SSH::Disconnect, "connection closed by remote host" if b.nil?
49
+ rescue EOFError => e
50
+ raise Net::SSH::Disconnect, "connection closed by remote host"
51
+ end
52
+ @version << b
53
+ break if b == "\n"
54
+ end
55
+ break if @version.match(/^SSH-/)
56
+ @header << @version
57
+ end
58
+
59
+ @version.chomp!
60
+ debug { "remote is `#{@version}'" }
61
+
62
+ unless @version.match(/^SSH-(1\.99|2\.0)-/)
63
+ raise Net::SSH::Exception, "incompatible SSH version `#{@version}'"
64
+ end
65
+
66
+ debug { "local is `#{PROTO_VERSION}'" }
67
+ socket.write "#{PROTO_VERSION}\r\n"
68
+ socket.flush
69
+ end
70
+ end
71
+ end; end; end
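Review bot: `negotiate!` reads the banner one byte at a time into `@version` and appends every non-`SSH-` line to `@header`, with no limit on line length or on the number of pre-version lines. A server that never sends a newline or an `SSH-` line keeps the client reading and allocating indefinitely. Cap both, e.g. `raise Net::SSH::Exception, "banner line too long" if @version.length > MAX_BANNER_LINE` inside the inner loop (a new constant; RFC 4253 limits the identification string itself to 255 characters), plus a bound on the total size of `@header`. The `b.nil?` test after `readpartial` looks unreachable for a standard IO, since end of stream surfaces as the EOFError that is already rescued, and the unused `=> e` can be dropped. The two patterns would read more safely anchored with `\A` (`/\ASSH-/`), although each line is matched on its own here.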