Class: HrrRbSsh::Authentication
- Inherits:
-
Object
- Object
- HrrRbSsh::Authentication
- Includes:
- Constant, Loggable
- Defined in:
- lib/hrr_rb_ssh/authentication.rb,
lib/hrr_rb_ssh/authentication/method.rb,
lib/hrr_rb_ssh/authentication/constant.rb,
lib/hrr_rb_ssh/authentication/method/none.rb,
lib/hrr_rb_ssh/authentication/authenticator.rb,
lib/hrr_rb_ssh/authentication/method/password.rb,
lib/hrr_rb_ssh/authentication/method/publickey.rb,
lib/hrr_rb_ssh/authentication/method/none/context.rb,
lib/hrr_rb_ssh/authentication/method/password/context.rb,
lib/hrr_rb_ssh/authentication/method/publickey/context.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm.rb,
lib/hrr_rb_ssh/authentication/method/keyboard_interactive.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_dss.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ssh_rsa.rb,
lib/hrr_rb_ssh/authentication/method/keyboard_interactive/context.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/functionable.rb,
lib/hrr_rb_ssh/authentication/method/keyboard_interactive/info_request.rb,
lib/hrr_rb_ssh/authentication/method/keyboard_interactive/info_response.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/signature_blob.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp256.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp384.rb,
lib/hrr_rb_ssh/authentication/method/publickey/algorithm/ecdsa_sha2_nistp521.rb
Defined Under Namespace
Modules: Constant
Classes: Authenticator, Method
Constant Summary
Constants included
from Constant
Constant::FAILURE, Constant::PARTIAL_SUCCESS, Constant::SERVICE_NAME, Constant::SUCCESS
Instance Attribute Summary
Attributes included from Loggable
#log_key, #logger
Instance Method Summary
Methods included from Loggable
#log_debug, #log_error, #log_fatal, #log_info, #log_warn
Constructor Details
#initialize(transport, mode, options = {}, logger: nil) ⇒ Authentication
Returns a new instance of Authentication.
# File 'lib/hrr_rb_ssh/authentication.rb', line 16
# Builds the authentication layer that sits on top of an SSH transport.
#
# @param transport transport object; it is asked to accept SERVICE_NAME here
#   and is used again by #start and #close
# @param mode value compared with Mode::SERVER / Mode::CLIENT in #authenticate
# @param options [Hash] string-keyed settings read by the authentication loops
# @param logger logger handed to the Loggable writer
#
# @closed starts as nil rather than false. Because nil is falsy, #username and
# #variables do not raise before authentication has run; they return nil and
# the empty hash. Only a successful authentication loop sets @closed to false.
def initialize(transport, mode, options = {}, logger: nil)
  self.logger = logger
  @transport = transport
  @mode = mode
  @options = options
  @variables = {}
  @username = nil
  @closed = nil
  @transport.register_acceptable_service(SERVICE_NAME)
end
Instance Method Details
#authenticate ⇒ Object
# File 'lib/hrr_rb_ssh/authentication.rb', line 74
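# Runs the authentication exchange for the configured mode.
#
# Dispatches to #respond_to_authentication for Mode::SERVER and to
# #request_authentication for Mode::CLIENT.
#
# @return whatever the selected authentication loop returns
# @raise [ArgumentError] when @mode is neither Mode::SERVER nor Mode::CLIENT
def authenticate
  case @mode
  when Mode::SERVER
    respond_to_authentication
  when Mode::CLIENT
    request_authentication
  else
    # Fail closed: without this branch an unrecognised mode returned nil
    # without authenticating anything, and #start completed normally.
    raise ArgumentError, "unknown authentication mode: #{@mode.inspect}"
  end
end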
#close ⇒ Object
# File 'lib/hrr_rb_ssh/authentication.rb', line 54
# Closes the underlying transport once; later calls do nothing.
#
# The flag is set before @transport.close is called, so a close that raises
# still leaves this object marked closed.
#
# The failure paths in the authentication loops set @closed to true themselves
# without calling @transport.close. After such a failure this method returns
# early and does not reach the transport.
#
# @return [nil] when already closed, otherwise the result of @transport.close
def close
  unless @closed
    @closed = true
    @transport.close
  end
end
#closed? ⇒ Boolean
# File 'lib/hrr_rb_ssh/authentication.rb', line 60
# Returns the raw @closed flag, which has three states in this class:
#   nil   - set by #initialize, authentication has not finished
#   false - set by an authentication loop after success
#   true  - set by #close or by a failed authentication loop
#
# nil and false are both falsy, so `!closed?` is also true before any
# authentication has happened. Compare with false when "authenticated" is
# what the caller needs to know.
#
# @return [Boolean, nil]
def closed?
  @closed
end
#request_authentication ⇒ Object
# File 'lib/hrr_rb_ssh/authentication.rb', line 130
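# Client side of the user authentication exchange.
#
# Starts with the "none" method. After each SSH_MSG_USERAUTH_FAILURE it moves
# on to the first locally preferred method that the server also lists under
# "authentications that can continue". A chosen method is removed from the
# local list, so each preferred method is attempted at most once.
#
# On success @username is taken from @options['username'] and @closed is set
# to false. When no shared method is left @closed is set to true and an error
# is raised; the transport itself is not closed here.
#
# @return [nil] once the server answers SSH_MSG_USERAUTH_SUCCESS
# @raise [RuntimeError] "failed authentication" when no method is left to try
def request_authentication
  # The list is dup'ed because tried methods are deleted from it below.
  # The assignment and the log call are separate statements: fused on one line,
  # the log call is parsed as an argument to Method.list_preferred and the
  # message is built before the list has a value.
  authentication_methods = (@options['authentication_preferred_authentication_methods'].dup rescue nil) || Method.list_preferred
  log_info { "preferred authentication methods: #{authentication_methods}" }

  next_method_name = "none"
  log_info { "authentication request begins with none method" }

  loop do
    log_info { "authentication method: #{next_method_name}" }
    method = Method[next_method_name].new(@transport, {'session id' => @transport.session_id}.merge(@options), @variables, authentication_methods, logger: logger)
    payload = method.request_authentication @options['username'], "ssh-connection"

    # The first byte of the payload is the SSH message number.
    case payload[0,1].unpack("C")[0]
    when Message::SSH_MSG_USERAUTH_SUCCESS::VALUE
      log_info { "verified" }
      @username = @options['username']
      @closed = false
      break
    when Message::SSH_MSG_USERAUTH_FAILURE::VALUE
      message = Message::SSH_MSG_USERAUTH_FAILURE.new(logger: logger).decode payload
      log_info { "partially verified" } if message[:'partial success']

      server_offered = message[:'authentications that can continue']
      log_debug { "authentication methods that can continue: #{server_offered}" }

      # Local preference order wins; the server's list only filters it.
      next_method_name = authentication_methods.find { |candidate| server_offered.include?(candidate) }
      if next_method_name
        authentication_methods.delete next_method_name
        log_info { "continue" }
      else
        log_info { "no more available authentication methods" }
        @closed = true
        raise "failed authentication"
      end
    end
    # NOTE(review): any other message number falls through the case and the
    # loop sends the same method again. Confirm Method#request_authentication
    # only ever returns SUCCESS or FAILURE payloads, otherwise this can spin.
  end
end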
#respond_to_authentication ⇒ Object
# File 'lib/hrr_rb_ssh/authentication.rb', line 83
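# Server side of the user authentication exchange.
#
# Reads messages from the transport until one SSH_MSG_USERAUTH_REQUEST is
# accepted. Each request is handed to the Method class named by the client,
# and the result selects the reply:
#   true / SUCCESS  -> success reply, @username recorded, @closed = false
#   PARTIAL_SUCCESS -> the method is removed from the required list; success
#                      once the list is empty, otherwise failure with
#                      partial success = true
#   String          -> sent back as a method-specific message
#   anything else   -> failure with partial success = false
# Any message other than SSH_MSG_USERAUTH_REQUEST sets @closed to true and
# raises; the transport itself is not closed here.
#
# @return [nil] once a request has been accepted
# @raise [RuntimeError] on a message that is not SSH_MSG_USERAUTH_REQUEST
def respond_to_authentication
  # The list is dup'ed because satisfied methods are deleted from it below.
  # The assignment and the log call are separate statements: fused on one line,
  # the log call is parsed as an argument to Method.list_preferred and the
  # message is built before the list has a value.
  authentication_methods = (@options['authentication_preferred_authentication_methods'].dup rescue nil) || Method.list_preferred
  log_info { "preferred authentication methods: #{authentication_methods}" }

  # NOTE(review): this loop has no cap on failed attempts and no timeout.
  # RFC 4252 section 4 recommends limiting failures per session. Confirm that
  # a limit is enforced elsewhere, for example in the transport or the caller.
  loop do
    payload = @transport.receive

    # The first byte of the payload is the SSH message number.
    case payload[0,1].unpack("C")[0]
    when Message::SSH_MSG_USERAUTH_REQUEST::VALUE
      userauth_request_message = Message::SSH_MSG_USERAUTH_REQUEST.new(logger: logger).decode payload
      method_name = userauth_request_message[:'method name']
      log_info { "authentication method: #{method_name}" }

      # NOTE(review): method_name comes from the peer and is used for the
      # lookup as-is; it is not compared with authentication_methods here.
      # Confirm Method[] rejects unknown names and that a method outside the
      # configured list cannot end in SUCCESS.
      method = Method[method_name].new(@transport, {'session id' => @transport.session_id}.merge(@options), @variables, authentication_methods, logger: logger)
      result = method.authenticate(userauth_request_message)

      case result
      when true, SUCCESS
        log_info { "verified" }
        send_userauth_success
        @username = userauth_request_message[:'user name']
        @closed = false
        break
      when PARTIAL_SUCCESS
        log_info { "partially verified" }
        authentication_methods.delete method_name
        log_debug { "authentication methods that can continue: #{authentication_methods}" }
        if authentication_methods.empty?
          # NOTE(review): @username is taken from the final request only, and
          # nothing in this loop compares 'user name' or the service name
          # between requests. RFC 4252 section 5 requires accumulated state to
          # be flushed when they change. Confirm the Method implementations or
          # the authenticator enforce that.
          log_info { "verified" }
          send_userauth_success
          @username = userauth_request_message[:'user name']
          @closed = false
          break
        else
          log_info { "continue" }
          send_userauth_failure authentication_methods, true
        end
      when String
        log_info { "send method specific message to continue" }
        send_method_specific_message result
      else
        log_info { "verify failed" }
        send_userauth_failure authentication_methods, false
      end
    else
      @closed = true
      # Bare raise: with no exception currently being handled this is a
      # RuntimeError without a descriptive message.
      raise
    end
  end
end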
#send_method_specific_message(payload) ⇒ Object
# File 'lib/hrr_rb_ssh/authentication.rb', line 184
# Forwards an already encoded, method-specific payload to the peer.
#
# The payload is passed through unchanged. In #respond_to_authentication it is
# the String returned by a Method's #authenticate.
#
# @param payload [String] encoded message
# @return the result of @transport.send
def send_method_specific_message(payload)
  @transport.send(payload)
end
#send_userauth_failure(authentication_methods, partial_success) ⇒ Object
# File 'lib/hrr_rb_ssh/authentication.rb', line 166
# Encodes and sends an SSH_MSG_USERAUTH_FAILURE reply.
#
# @param authentication_methods list placed in the
#   'authentications that can continue' field, so it is disclosed to the peer
# @param partial_success value placed in the 'partial success' field
# @return the result of @transport.send
def send_userauth_failure(authentication_methods, partial_success)
  fields = {
    :'message number'                   => Message::SSH_MSG_USERAUTH_FAILURE::VALUE,
    :'authentications that can continue' => authentication_methods,
    :'partial success'                  => partial_success,
  }
  encoder = Message::SSH_MSG_USERAUTH_FAILURE.new(logger: logger)
  @transport.send(encoder.encode(fields))
end
#send_userauth_success ⇒ Object
#start ⇒ Object
# File 'lib/hrr_rb_ssh/authentication.rb', line 49
# Brings the transport up, then runs authentication for the configured mode.
#
# The order matters: #authenticate talks to the peer through @transport, so
# the transport is started first.
#
# @return the result of #authenticate
def start
  @transport.start   # lower layer first
  authenticate       # then the user authentication exchange
end
#username ⇒ Object
# File 'lib/hrr_rb_ssh/authentication.rb', line 64
# Name recorded by the authentication loop that succeeded.
#
# The guard only rejects a truthy @closed. Before authentication has run
# @closed is nil, so this returns nil instead of raising. A non-raising call
# is not proof that a user was authenticated; check for a non-nil value.
#
# @return [String, nil]
# @raise [Error::ClosedAuthentication] when @closed is truthy
def username
  if @closed
    raise Error::ClosedAuthentication
  end
  @username
end
#variables ⇒ Object
# File 'lib/hrr_rb_ssh/authentication.rb', line 69
# Hash shared with every authentication Method instance created by the loops.
#
# The same object is returned each time, not a copy, so callers can mutate
# what the Method instances were given. The guard only rejects a truthy
# @closed, so before authentication has run this returns the hash created in
# #initialize rather than raising.
#
# @return [Hash]
# @raise [Error::ClosedAuthentication] when @closed is truthy
def variables
  if @closed
    raise Error::ClosedAuthentication
  end
  @variables
end