authorMiklos Fazekas <mfazekas@szemafor.com>2018-03-21 16:09:10 +0100
committerMiklos Fazekas <mfazekas@szemafor.com>2018-03-21 16:09:18 +0100
commit069c2e5c1036445d924d3a00a17111322473765a (patch)
treedefc9c72322b151ccdd9dafad7e24a19ef71405c /lib/net/ssh/authentication
parent8f545802bbf05931dfcb46434a54c1fdfdfb7fb4 (diff)
Whitespace fixeswhitespace-fixes
Diffstat (limited to 'lib/net/ssh/authentication')
-rw-r--r--lib/net/ssh/authentication/agent.rb69
-rw-r--r--lib/net/ssh/authentication/certificate.rb50
-rw-r--r--lib/net/ssh/authentication/constants.rb13
-rw-r--r--lib/net/ssh/authentication/ed25519.rb4
-rw-r--r--lib/net/ssh/authentication/ed25519_loader.rb4
-rw-r--r--lib/net/ssh/authentication/methods/abstract.rb32
-rw-r--r--lib/net/ssh/authentication/pageant.rb4
-rw-r--r--lib/net/ssh/authentication/session.rb4
8 files changed, 97 insertions, 83 deletions
diff --git a/lib/net/ssh/authentication/agent.rb b/lib/net/ssh/authentication/agent.rb
index 08bbc60..6ba1730 100644
--- a/lib/net/ssh/authentication/agent.rb
+++ b/lib/net/ssh/authentication/agent.rb
@@ -8,8 +8,8 @@ require 'rubygems'
require 'net/ssh/authentication/pageant' if Gem.win_platform? && RUBY_PLATFORM != "java"
-module Net
- module SSH
+module Net
+ module SSH
module Authentication
# Class for representing agent-specific errors.
class AgentError < Net::SSH::Exception; end
@@ -24,13 +24,13 @@ module Net
# some SSH2 functionality (like signing data).
class Agent
include Loggable
-
+
# A simple module for extending keys, to allow comments to be specified
# for them.
module Comment
attr_accessor :comment
end
-
+
SSH2_AGENT_REQUEST_VERSION = 1
SSH2_AGENT_REQUEST_IDENTITIES = 11
SSH2_AGENT_IDENTITIES_ANSWER = 12
@@ -42,24 +42,24 @@ module Net
SSH2_AGENT_ADD_ID_CONSTRAINED = 25
SSH2_AGENT_FAILURE = 30
SSH2_AGENT_VERSION_RESPONSE = 103
-
+
SSH_COM_AGENT2_FAILURE = 102
-
+
SSH_AGENT_REQUEST_RSA_IDENTITIES = 1
SSH_AGENT_RSA_IDENTITIES_ANSWER1 = 2
SSH_AGENT_RSA_IDENTITIES_ANSWER2 = 5
SSH_AGENT_FAILURE = 5
SSH_AGENT_SUCCESS = 6
-
+
SSH_AGENT_CONSTRAIN_LIFETIME = 1
SSH_AGENT_CONSTRAIN_CONFIRM = 2
-
+
SSH_AGENT_RSA_SHA2_256 = 0x02
SSH_AGENT_RSA_SHA2_512 = 0x04
-
+
# The underlying socket being used to communicate with the SSH agent.
attr_reader :socket
-
+
# Instantiates a new agent object, connects to a running SSH agent,
# negotiates the agent protocol version, and returns the agent object.
def self.connect(logger=nil, agent_socket_factory = nil)
@@ -68,13 +68,13 @@ module Net
agent.negotiate!
agent
end
-
+
# Creates a new Agent object, using the optional logger instance to
# report status.
def initialize(logger=nil)
self.logger = logger
end
-
+
# Connect to the agent process using the socket factory and socket name
# given by the attribute writers. If the agent on the other end of the
# socket reports that it is an SSH2-compatible agent, this will fail
@@ -95,13 +95,13 @@ module Net
error { "could not connect to ssh-agent: #{e.message}" }
raise AgentNotAvailable, $!.message
end
-
+
# Attempts to negotiate the SSH agent protocol version. Raises an error
# if the version could not be negotiated successfully.
def negotiate!
# determine what type of agent we're communicating with
type, body = send_and_wait(SSH2_AGENT_REQUEST_VERSION, :string, Transport::ServerVersion::PROTO_VERSION)
-
+
raise AgentNotAvailable, "SSH2 agents are not yet supported" if type == SSH2_AGENT_VERSION_RESPONSE
if type == SSH2_AGENT_FAILURE
debug { "Unexpected response type==#{type}, this will be ignored" }
@@ -109,7 +109,7 @@ module Net
raise AgentNotAvailable, "unknown response from agent: #{type}, #{body.to_s.inspect}"
end
end
-
+
# Return an array of all identities (public keys) known to the agent.
# Each key returned is augmented with a +comment+ property which is set
# to the comment returned by the agent for that key.
@@ -117,7 +117,7 @@ module Net
type, body = send_and_wait(SSH2_AGENT_REQUEST_IDENTITIES)
raise AgentError, "could not get identity count" if agent_failed(type)
raise AgentError, "bad authentication reply: #{type}" if type != SSH2_AGENT_IDENTITIES_ANSWER
-
+
identities = []
body.read_long.times do
key_str = body.read_string
@@ -131,27 +131,27 @@ module Net
error { "ignoring unimplemented key:#{e.message} #{comment_str}" }
end
end
-
+
return identities
end
-
+
# Closes this socket. This agent reference is no longer able to
# query the agent.
def close
@socket.close
end
-
+
# Using the agent and the given public key, sign the given data. The
# signature is returned in SSH2 format.
def sign(key, data, flags = 0)
type, reply = send_and_wait(SSH2_AGENT_SIGN_REQUEST, :string, Buffer.from(:key, key), :string, data, :long, flags)
-
+
raise AgentError, "agent could not sign data with requested identity" if agent_failed(type)
raise AgentError, "bad authentication response #{type}" if type != SSH2_AGENT_SIGN_RESPONSE
-
+
return reply.read_string
end
-
+
# Adds the private key with comment to the agent.
# If lifetime is given, the key will automatically be removed after lifetime
# seconds.
@@ -164,31 +164,31 @@ module Net
constraints.write_long(lifetime)
end
constraints.write_byte(SSH_AGENT_CONSTRAIN_CONFIRM) if confirm
-
+
req_type = constraints.empty? ? SSH2_AGENT_ADD_IDENTITY : SSH2_AGENT_ADD_ID_CONSTRAINED
type, = send_and_wait(req_type, :string, priv_key.ssh_type, :raw, blob_for_add(priv_key),
:string, comment, :raw, constraints)
raise AgentError, "could not add identity to agent" if type != SSH_AGENT_SUCCESS
end
-
+
# Removes key from the agent.
def remove_identity(key)
type, = send_and_wait(SSH2_AGENT_REMOVE_IDENTITY, :string, key.to_blob)
raise AgentError, "could not remove identity from agent" if type != SSH_AGENT_SUCCESS
end
-
+
# Removes all identities from the agent.
def remove_all_identities
type, = send_and_wait(SSH2_AGENT_REMOVE_ALL_IDENTITIES)
raise AgentError, "could not remove all identity from agent" if type != SSH_AGENT_SUCCESS
end
-
+
private
-
+
def unix_socket_class
defined?(UNIXSocket) && UNIXSocket
end
-
+
# Send a new packet of the given type, with the associated data.
def send_packet(type, *args)
buffer = Buffer.from(*args)
@@ -196,7 +196,7 @@ module Net
debug { "sending agent request #{type} len #{buffer.length}" }
@socket.send data, 0
end
-
+
# Read the next packet from the agent. This will return a two-part
# tuple consisting of the packet type, and the packet's body (which
# is returned as a Net::SSH::Buffer).
@@ -207,14 +207,14 @@ module Net
debug { "received agent packet #{type} len #{buffer.length - 4}" }
return type, buffer
end
-
+
# Send the given packet and return the subsequent reply from the agent.
# (See #send_packet and #read_packet).
def send_and_wait(type, *args)
send_packet(type, *args)
read_packet
end
-
+
# Returns +true+ if the parameter indicates a "failure" response from
# the agent, and +false+ otherwise.
def agent_failed(type)
@@ -222,7 +222,7 @@ module Net
type == SSH2_AGENT_FAILURE ||
type == SSH_COM_AGENT2_FAILURE
end
-
+
def blob_for_add(priv_key)
# Ideally we'd have something like `to_private_blob` on the various key types, but the
# nuances with encoding (e.g. `n` and `e` are reversed for RSA keys) make this impractical.
@@ -257,5 +257,6 @@ module Net
end
end
end
-
-end; end; end
+ end
+ end
+end
diff --git a/lib/net/ssh/authentication/certificate.rb b/lib/net/ssh/authentication/certificate.rb
index cfd8c4e..ecf5df8 100644
--- a/lib/net/ssh/authentication/certificate.rb
+++ b/lib/net/ssh/authentication/certificate.rb
@@ -1,7 +1,7 @@
require 'securerandom'
-module Net
- module SSH
+module Net
+ module SSH
module Authentication
# Class for representing an SSH certificate.
#
@@ -20,7 +20,7 @@ module Net
attr_accessor :reserved
attr_accessor :signature_key
attr_accessor :signature
-
+
# Read a certificate blob associated with a key of the given type.
def self.read_certblob(buffer, type)
cert = Certificate.new
@@ -39,15 +39,15 @@ module Net
cert.signature = buffer.read_string
cert
end
-
+
def ssh_type
key.ssh_type + "-cert-v01@openssh.com"
end
-
+
def ssh_signature_type
key.ssh_type
end
-
+
# Serializes the certificate (and key).
def to_blob
Buffer.from(
@@ -55,23 +55,23 @@ module Net
:string, signature
).to_s
end
-
+
def ssh_do_sign(data)
key.ssh_do_sign(data)
end
-
+
def ssh_do_verify(sig, data)
key.ssh_do_verify(sig, data)
end
-
+
def to_pem
key.to_pem
end
-
+
def fingerprint
key.fingerprint
end
-
+
# Signs the certificate with key.
def sign!(key, sign_nonce=nil)
# ssh-keygen uses 32 bytes of nonce.
@@ -83,19 +83,19 @@ module Net
).to_s
self
end
-
+
def sign(key, sign_nonce=nil)
cert = clone
cert.sign!(key, sign_nonce)
end
-
+
# Checks whether the certificate's signature was signed by signature key.
def signature_valid?
buffer = Buffer.new(signature)
buffer.read_string # skip signature format
signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature)
end
-
+
def self.read_options(buffer)
names = []
options = buffer.read_buffer.read_all do |b|
@@ -105,33 +105,33 @@ module Net
data = Buffer.new(data).read_string unless data.empty?
[name, data]
end
-
+
raise ArgumentError, "option/extension names must be in sorted order" if names.sort != names
-
+
Hash[options]
end
private_class_method :read_options
-
+
def self.type_symbol(type)
types = { 1 => :user, 2 => :host }
raise ArgumentError("unsupported type: #{type}") unless types.include?(type)
types.fetch(type)
end
private_class_method :type_symbol
-
+
private
-
+
def type_value(type)
types = { user: 1, host: 2 }
raise ArgumentError("unsupported type: #{type}") unless types.include?(type)
types.fetch(type)
end
-
+
def ssh_time(t)
# Times in certificates are represented as a uint64.
[[t.to_i, 0].max, 2 << 64 - 1].min
end
-
+
def to_blob_without_signature
Buffer.from(
:string, ssh_type,
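Review bot: `type_symbol` and `type_value` in this hunk use `raise ArgumentError("unsupported type: #{type}")`, which Ruby parses as a call to a method named `ArgumentError`, so an unsupported certificate type surfaces as NoMethodError instead of the intended ArgumentError; both lines should read `raise ArgumentError, "unsupported type: #{type}"`. Any caller that rescues ArgumentError around certificate parsing would miss this failure. Separately, `2 << 64 - 1` in `ssh_time` evaluates as `2 << 63` (2**64) because `-` binds tighter than `<<`, so the upper clamp sits one past the uint64 maximum that the comment describes; `2**64 - 1` would match it. These are context lines the whitespace change leaves untouched, and `to_blob_without_signature` continues outside the hunk.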
@@ -149,14 +149,14 @@ module Net
:string, signature_key.to_blob
).to_s
end
-
+
def key_without_type
# key.to_blob gives us e.g. "ssh-rsa,<key>" but we just want "<key>".
tmp = Buffer.new(key.to_blob)
tmp.read_string # skip the underlying key type
tmp.read
end
-
+
def options_to_blob(options)
options.keys.sort.inject(Buffer.new) do |b, name|
b.write_string(name)
@@ -166,4 +166,6 @@ module Net
end.to_s
end
end
-end; end; end
+ end
+ end
+end
diff --git a/lib/net/ssh/authentication/constants.rb b/lib/net/ssh/authentication/constants.rb
index d4a12e0..d0b88b0 100644
--- a/lib/net/ssh/authentication/constants.rb
+++ b/lib/net/ssh/authentication/constants.rb
@@ -1,5 +1,5 @@
-module Net
- module SSH
+module Net
+ module SSH
module Authentication
# Describes the constants used by the Net::SSH::Authentication components
@@ -10,11 +10,12 @@ module Net
USERAUTH_FAILURE = 51
USERAUTH_SUCCESS = 52
USERAUTH_BANNER = 53
-
+
USERAUTH_PASSWD_CHANGEREQ = 60
USERAUTH_PK_OK = 60
-
+
USERAUTH_METHOD_RANGE = 60..79
end
-
-end; end; end \ No newline at end of file
+ end
+ end
+end
diff --git a/lib/net/ssh/authentication/ed25519.rb b/lib/net/ssh/authentication/ed25519.rb
index 2f98fa1..3ab10b9 100644
--- a/lib/net/ssh/authentication/ed25519.rb
+++ b/lib/net/ssh/authentication/ed25519.rb
@@ -147,4 +147,6 @@ module Net
end
end
end
-end; end; end
+ end
+ end
+end
diff --git a/lib/net/ssh/authentication/ed25519_loader.rb b/lib/net/ssh/authentication/ed25519_loader.rb
index 0e0cf30..8390f59 100644
--- a/lib/net/ssh/authentication/ed25519_loader.rb
+++ b/lib/net/ssh/authentication/ed25519_loader.rb
@@ -29,4 +29,6 @@ module Net
end
end
-end; end; end
+ end
+ end
+end
diff --git a/lib/net/ssh/authentication/methods/abstract.rb b/lib/net/ssh/authentication/methods/abstract.rb
index 2da2eba..bcddd4f 100644
--- a/lib/net/ssh/authentication/methods/abstract.rb
+++ b/lib/net/ssh/authentication/methods/abstract.rb
@@ -3,9 +3,9 @@ require 'net/ssh/errors'
require 'net/ssh/loggable'
require 'net/ssh/authentication/constants'
-module Net
- module SSH
- module Authentication
+module Net
+ module SSH
+ module Authentication
module Methods
# The base class of all user authentication methods. It provides a few
@@ -13,14 +13,14 @@ module Net
class Abstract
include Loggable
include Constants
-
+
# The authentication session object
attr_reader :session
-
+
# The key manager object. Not all authentication methods will require
# this.
attr_reader :key_manager
-
+
# Instantiates a new authentication method.
def initialize(session, options={})
@session = session
@@ -29,26 +29,26 @@ module Net
@prompt = options[:password_prompt]
self.logger = session.logger
end
-
+
# Returns the session-id, as generated during the first key exchange of
# an SSH connection.
def session_id
session.transport.algorithms.session_id
end
-
+
# Sends a message via the underlying transport layer abstraction. This
# will block until the message is completely sent.
def send_message(msg)
session.transport.send_message(msg)
end
-
+
# Creates a new USERAUTH_REQUEST packet. The extra arguments on the end
# must be either boolean values or strings, and are tacked onto the end
# of the packet. The new packet is returned, ready for sending.
def userauth_request(username, next_service, auth_method, *others)
buffer = Net::SSH::Buffer.from(:byte, USERAUTH_REQUEST,
:string, username, :string, next_service, :string, auth_method)
-
+
others.each do |value|
case value
when true, false then buffer.write_bool(value)
@@ -56,13 +56,15 @@ module Net
else raise ArgumentError, "don't know how to write #{value.inspect}"
end
end
-
+
buffer
end
-
+
private
-
+
attr_reader :prompt
end
-
-end; end; end; end \ No newline at end of file
+ end
+ end
+ end
+end
diff --git a/lib/net/ssh/authentication/pageant.rb b/lib/net/ssh/authentication/pageant.rb
index 3804afa..48dd3ab 100644
--- a/lib/net/ssh/authentication/pageant.rb
+++ b/lib/net/ssh/authentication/pageant.rb
@@ -492,4 +492,6 @@ module Net
end
end
-end; end; end
+ end
+ end
+end
diff --git a/lib/net/ssh/authentication/session.rb b/lib/net/ssh/authentication/session.rb
index b52ce26..9724d8b 100644
--- a/lib/net/ssh/authentication/session.rb
+++ b/lib/net/ssh/authentication/session.rb
@@ -155,4 +155,6 @@ module Net
Array(options[:key_data])
end
end
-end; end; end
+ end
+ end
+end