Class: HrrRbSsh::Authentication

Inherits:
Object
Includes:
Constant, Loggable
Defined in:
lib/hrr_rb_ssh/authentication.rb,
lib/hrr_rb_ssh/authentication/method.rb,
lib/hrr_rb_ssh/authentication/constant.rb,
lib/hrr_rb_ssh/authentication/method/none.rb,
lib/hrr_rb_ssh/authentication/authenticator.rb,
lib/hrr_rb_ssh/authentication/method/password.rb,
lib/hrr_rb_ssh/authentication/method/publickey.rb,
lib/hrr_rb_ssh/authentication/method/none/context.rb,
lib/hrr_rb_ssh/authentication/method/password/context.rb,
lib/hrr_rb_ssh/authentication/method/publickey/context.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm.rb,
lib/hrr_rb_ssh/authentication/method/keyboard_interactive.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb,
lib/hrr_rb_ssh/authentication/method/keyboard_interactive/context.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/functionable.rb,
lib/hrr_rb_ssh/authentication/method/keyboard_interactive/info_request.rb,
lib/hrr_rb_ssh/authentication/method/keyboard_interactive/info_response.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/signature_blob.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb

Defined Under Namespace

Modules: Constant Classes: Authenticator, Method

Constant Summary

Constants included from Constant

Constant::FAILURE, Constant::PARTIAL_SUCCESS, Constant::SERVICE_NAME, Constant::SUCCESS

Instance Attribute Summary

Attributes included from Loggable

#log_key, #logger

Instance Method Summary

Methods included from Loggable

#log_debug, #log_error, #log_fatal, #log_info, #log_warn

Constructor Details

#initialize(transport, mode, options = {}, logger: nil) ⇒ Authentication

Returns a new instance of Authentication.



# File 'lib/hrr_rb_ssh/authentication.rb', line 16

# Builds the authentication layer on top of +transport+.
#
# @param transport the object that carries the SSH messages (must respond to
#   register_acceptable_service, send, receive, close, start, session_id)
# @param mode [Mode::SERVER, Mode::CLIENT] decides which side #authenticate runs
# @param options [Hash] per-connection options, read later by
#   #request_authentication / #respond_to_authentication
# @param logger [Logger, nil] handed to Loggable#logger=
def initialize transport, mode, options={}, logger: nil
  self.logger = logger

  @transport, @mode, @options = transport, mode, options

  # Advertise this service on the transport; SERVICE_NAME comes from Constant.
  @transport.register_acceptable_service SERVICE_NAME

  # Tri-state: nil until the exchange ends, false after a verified login,
  # true after #close or a failed client-side exchange.
  @closed = nil

  @username = nil
  @variables = {}
end

Instance Method Details

#authenticate ⇒ Object



# File 'lib/hrr_rb_ssh/authentication.rb', line 84

# Runs the side of the exchange selected by @mode: the server responds to
# USERAUTH_REQUESTs, the client issues them. Any other mode does nothing
# and returns nil.
def authenticate
  if @mode == Mode::SERVER
    respond_to_authentication
  elsif @mode == Mode::CLIENT
    request_authentication
  end
end

#close ⇒ Object



# File 'lib/hrr_rb_ssh/authentication.rb', line 62

# Marks this layer closed and closes the underlying transport.
# Idempotent: a second call is a no-op, so the transport is closed once.
def close
  unless @closed
    log_info { "close authentication" }
    # Flip the flag before touching the transport so a re-entrant close
    # (e.g. from a ClosedTransport rescue) does not loop.
    @closed = true
    @transport.close
    log_info { "authentication closed" }
  end
end

#closed? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/hrr_rb_ssh/authentication.rb', line 70

# Current state of the layer: nil while the exchange has not finished,
# false once a login was verified, true after #close or a failed
# client-side exchange. Note that nil is falsy, so an unfinished
# authentication reads as "not closed".
#
# @return [Boolean, nil]
def closed?
  @closed
end

#receive ⇒ Object



# File 'lib/hrr_rb_ssh/authentication.rb', line 41

# Reads one payload from the transport on behalf of the layer above.
#
# @return whatever @transport.receive returns
# @raise [Error::ClosedAuthentication] if this layer is already closed, or
#   if the transport reports itself closed (this layer is closed first)
def receive
  if @closed
    raise Error::ClosedAuthentication
  end
  begin
    @transport.receive
  rescue Error::ClosedTransport
    # Transport is gone: tear this layer down and report it in our own terms.
    close
    raise Error::ClosedAuthentication
  end
end

#request_authentication ⇒ Object



# File 'lib/hrr_rb_ssh/authentication.rb', line 140

# Client side of the exchange. Starts with the "none" method, then, after
# each USERAUTH_FAILURE, picks the first method in local preference order
# that the server lists as able to continue, until the server answers
# USERAUTH_SUCCESS.
#
# @raise [RuntimeError] "failed authentication" once no preferred method
#   remains that the server still accepts (the layer is marked closed first)
def request_authentication
  preferred = (@options['authentication_preferred_authentication_methods'].dup rescue nil) || Method.list_preferred # rescue nil.dup for Ruby version < 2.4
  # NOTE(review): when the option is absent, Method.list_preferred is mutated
  # via delete below — confirm it returns a fresh array on every call.
  log_info { "preferred authentication methods: #{preferred}" }
  method_name = "none"
  log_info { "authentication request begins with none method" }
  loop do
    log_info { "authentication method: #{method_name}" }
    method = Method[method_name].new(@transport, {'session id' => @transport.session_id}.merge(@options), @variables, preferred, logger: logger)
    payload = method.request_authentication @options['username'], "ssh-connection"
    message_number = payload[0,1].unpack("C")[0]
    if message_number == Message::SSH_MSG_USERAUTH_SUCCESS::VALUE
      log_info { "verified" }
      @username = @options['username']
      @closed = false
      break
    elsif message_number == Message::SSH_MSG_USERAUTH_FAILURE::VALUE
      failure = Message::SSH_MSG_USERAUTH_FAILURE.new(logger: logger).decode payload
      log_info { "partially verified" } if failure[:'partial success']
      can_continue = failure[:'authentications that can continue']
      log_debug { "authentication methods that can continue: #{can_continue}" }
      # Local preference order wins; the server's list only filters.
      method_name = preferred.find { |local_m| can_continue.include?(local_m) }
      unless method_name
        log_info { "no more available authentication methods" }
        @closed = true
        raise "failed authentication"
      end
      # Each method is tried at most once per exchange.
      preferred.delete method_name
      log_info { "continue" }
    end
    # NOTE(review): any other message number is ignored and the same method is
    # requested again on the next iteration — confirm this cannot spin.
  end
end

#respond_to_authentication ⇒ Object



# File 'lib/hrr_rb_ssh/authentication.rb', line 93

# Server side of the exchange. Handles USERAUTH_REQUESTs until one is
# verified (or the last partially-verified method is exhausted), then sends
# USERAUTH_SUCCESS and records the user name. Any message that is not a
# USERAUTH_REQUEST closes the layer.
#
# @raise [Error::ClosedAuthentication] on an unexpected message number
def respond_to_authentication
  remaining = (@options['authentication_preferred_authentication_methods'].dup rescue nil) || Method.list_preferred # rescue nil.dup for Ruby version < 2.4
  # NOTE(review): when the option is absent, Method.list_preferred is mutated
  # via delete below — confirm it returns a fresh array on every call.
  log_info { "preferred authentication methods: #{remaining}" }
  # NOTE(review): no limit on failed attempts is visible in this method —
  # confirm the transport/server layer bounds them.
  loop do
    payload = @transport.receive
    message_number = payload[0,1].unpack("C")[0]
    unless message_number == Message::SSH_MSG_USERAUTH_REQUEST::VALUE
      close
      raise Error::ClosedAuthentication
    end
    request = Message::SSH_MSG_USERAUTH_REQUEST.new(logger: logger).decode payload
    method_name = request[:'method name']
    log_info { "authentication method: #{method_name}" }
    # NOTE(review): method_name is peer-supplied; what Method[] yields for an
    # unknown name is not visible here — confirm it does not become nil.new.
    method = Method[method_name].new(@transport, {'session id' => @transport.session_id}.merge(@options), @variables, remaining, logger: logger)
    result = method.authenticate(request)
    verified =
      case result
      when true, SUCCESS
        true
      when PARTIAL_SUCCESS
        log_info { "partially verified" }
        remaining.delete method_name
        log_debug { "authentication methods that can continue: #{remaining}" }
        if remaining.empty?
          true
        else
          log_info { "continue" }
          send_userauth_failure remaining, true
          false
        end
      when String
        # The method wants another round trip (e.g. a method-specific message).
        log_info { "send method specific message to continue" }
        send_method_specific_message result
        false
      else # false, FAILURE
        log_info { "verify failed" }
        send_userauth_failure remaining, false
        false
      end
    next unless verified
    log_info { "verified" }
    send_userauth_success
    @username = request[:'user name']
    @closed = false
    break
  end
end

#send(payload) ⇒ Object



# File 'lib/hrr_rb_ssh/authentication.rb', line 31

# Writes one payload to the transport on behalf of the layer above.
# Note that this shadows Object#send on instances; use __send__ for
# reflective dispatch on an Authentication object.
#
# @param payload [String] the raw message to write
# @return whatever @transport.send returns
# @raise [Error::ClosedAuthentication] if this layer is already closed, or
#   if the transport reports itself closed (this layer is closed first)
def send payload
  if @closed
    raise Error::ClosedAuthentication
  end
  begin
    @transport.send payload
  rescue Error::ClosedTransport
    # Transport is gone: tear this layer down and report it in our own terms.
    close
    raise Error::ClosedAuthentication
  end
end

#send_method_specific_message(payload) ⇒ Object



# File 'lib/hrr_rb_ssh/authentication.rb', line 194

# Forwards a method-specific message (the String an authentication method
# returned from #authenticate) straight to the transport. Unlike #send this
# does not check @closed nor translate ClosedTransport.
#
# @param payload [String] the already-encoded message
def send_method_specific_message payload
  @transport.send(payload)
end

#send_userauth_failure(authentication_methods, partial_success) ⇒ Object



# File 'lib/hrr_rb_ssh/authentication.rb', line 176

# Sends SSH_MSG_USERAUTH_FAILURE listing the methods the peer may still try.
#
# @param authentication_methods [Array<String>] methods that can continue
# @param partial_success [Boolean] true when a method succeeded but more are required
def send_userauth_failure authentication_methods, partial_success
  fields = { :'message number' => Message::SSH_MSG_USERAUTH_FAILURE::VALUE }
  fields[:'authentications that can continue'] = authentication_methods
  fields[:'partial success'] = partial_success
  encoded = Message::SSH_MSG_USERAUTH_FAILURE.new(logger: logger).encode(fields)
  @transport.send encoded
end

#send_userauth_success ⇒ Object



# File 'lib/hrr_rb_ssh/authentication.rb', line 186

# Sends SSH_MSG_USERAUTH_SUCCESS; the message carries only its number.
def send_userauth_success
  fields = { :'message number' => Message::SSH_MSG_USERAUTH_SUCCESS::VALUE }
  encoded = Message::SSH_MSG_USERAUTH_SUCCESS.new(logger: logger).encode(fields)
  @transport.send encoded
end

#start ⇒ Object



# File 'lib/hrr_rb_ssh/authentication.rb', line 51

# Starts the transport and then runs the exchange for the configured mode.
#
# @return whatever #authenticate returns
# @raise [Error::ClosedAuthentication] if the transport reports itself closed
#   at any point (this layer is closed first)
def start
  log_info { "start authentication" }
  begin
    @transport.start
    authenticate
  rescue Error::ClosedTransport
    # Translate the transport's failure into this layer's error after cleanup.
    close
    raise Error::ClosedAuthentication
  end
end

#username ⇒ Object



# File 'lib/hrr_rb_ssh/authentication.rb', line 74

# The user name recorded when the exchange succeeded. Before that it is nil
# (the guard only fires once the layer is actually closed, not while it is
# still unfinished).
#
# @return [String, nil]
# @raise [Error::ClosedAuthentication] if the layer is closed
def username
  if @closed
    raise Error::ClosedAuthentication
  end
  @username
end

#variables ⇒ Object



# File 'lib/hrr_rb_ssh/authentication.rb', line 79

# The hash shared with the authentication methods for the lifetime of the
# exchange (passed to every Method instance). Returned by reference.
#
# @return [Hash]
# @raise [Error::ClosedAuthentication] if the layer is closed
def variables
  if @closed
    raise Error::ClosedAuthentication
  end
  @variables
end