bssh 2.0.1

Parallel SSH command execution tool for cluster management
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341

// Copyright 2025 Lablup Inc. and Jeongkyu Shin
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//! Shared error types for client and server implementations.
//!
//! This module provides common error types that can be used by both
//! the bssh client and server implementations.
//!
//! # Error Categories
//!
//! - [`ValidationError`]: Input validation failures
//! - [`AuthError`]: Authentication-related errors
//! - [`ConnectionError`]: Connection and network errors
//! - [`RateLimitError`]: Rate limiting errors

use std::fmt;
use std::io;

/// Error type for input validation failures.
///
/// This error is returned when user input fails validation checks.
///
/// # Examples
///
/// ```
/// use bssh::shared::error::ValidationError;
///
/// let err = ValidationError::new("username", "contains invalid characters");
/// assert!(err.to_string().contains("username"));
/// ```
#[derive(Debug, Clone)]
pub struct ValidationError {
    /// The field or input that failed validation
    pub field: String,
    /// Description of why validation failed
    pub message: String,
}

impl ValidationError {
    /// Create a new validation error.
    ///
    /// # Arguments
    ///
    /// * `field` - The name of the field that failed validation
    /// * `message` - Description of the validation failure
    pub fn new(field: impl Into<String>, message: impl Into<String>) -> Self {
        Self {
            field: field.into(),
            message: message.into(),
        }
    }

    /// Create an error for an empty field.
    pub fn empty(field: impl Into<String>) -> Self {
        let field = field.into();
        Self {
            message: format!("{field} cannot be empty"),
            field,
        }
    }

    /// Create an error for a field that is too long.
    pub fn too_long(field: impl Into<String>, max_length: usize) -> Self {
        let field = field.into();
        Self {
            message: format!("{field} exceeds maximum length of {max_length}"),
            field,
        }
    }

    /// Create an error for invalid characters.
    pub fn invalid_characters(field: impl Into<String>) -> Self {
        let field = field.into();
        Self {
            message: format!("{field} contains invalid characters"),
            field,
        }
    }
}

impl fmt::Display for ValidationError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "Validation error for '{}': {}", self.field, self.message)
    }
}

impl std::error::Error for ValidationError {}

/// Error type for authentication failures.
///
/// This enum represents various authentication-related errors that can
/// occur during the SSH authentication process.
#[derive(Debug)]
pub enum AuthError {
    /// Invalid credentials (wrong password, invalid key, etc.)
    InvalidCredentials,

    /// Authentication method not supported by server
    MethodNotSupported(String),

    /// User not found or not allowed
    UserNotAllowed(String),

    /// Account is locked or disabled
    AccountLocked(String),

    /// Too many authentication attempts
    TooManyAttempts,

    /// Authentication timeout
    Timeout,

    /// SSH agent not available
    AgentNotAvailable,

    /// No identities available in SSH agent
    NoIdentities,

    /// Key file not found or unreadable
    KeyFileError(String),

    /// Key format invalid or corrupted
    KeyInvalid(String),

    /// Passphrase required but not provided
    PassphraseRequired,

    /// Passphrase incorrect
    PassphraseIncorrect,

    /// Server rejected the connection
    ServerRejected(String),

    /// Internal error during authentication
    Internal(String),
}

impl fmt::Display for AuthError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            AuthError::InvalidCredentials => write!(f, "Invalid credentials"),
            AuthError::MethodNotSupported(method) => {
                write!(f, "Authentication method '{method}' not supported")
            }
            AuthError::UserNotAllowed(_) => {
                write!(f, "User is not allowed to connect")
            }
            AuthError::AccountLocked(_) => write!(f, "Account is locked"),
            AuthError::TooManyAttempts => write!(f, "Too many authentication attempts"),
            AuthError::Timeout => write!(f, "Authentication timed out"),
            AuthError::AgentNotAvailable => write!(f, "SSH agent not available"),
            AuthError::NoIdentities => write!(f, "No identities available in SSH agent"),
            AuthError::KeyFileError(path) => write!(f, "Cannot read key file: {path}"),
            AuthError::KeyInvalid(reason) => write!(f, "Invalid key: {reason}"),
            AuthError::PassphraseRequired => write!(f, "Passphrase required for key"),
            AuthError::PassphraseIncorrect => write!(f, "Incorrect passphrase"),
            AuthError::ServerRejected(reason) => write!(f, "Server rejected: {reason}"),
            AuthError::Internal(reason) => write!(f, "Internal authentication error: {reason}"),
        }
    }
}

impl std::error::Error for AuthError {}

/// Error type for connection failures.
///
/// This enum represents various connection-related errors that can occur
/// during SSH connection establishment.
#[derive(Debug)]
pub enum ConnectionError {
    /// Could not resolve hostname
    DnsResolutionFailed(String),

    /// Connection refused by server
    ConnectionRefused(String),

    /// Connection timed out
    Timeout(String),

    /// Network unreachable
    NetworkUnreachable(String),

    /// Host unreachable
    HostUnreachable(String),

    /// Server closed connection unexpectedly
    ConnectionClosed(String),

    /// Protocol version mismatch
    ProtocolMismatch(String),

    /// Host key verification failed
    HostKeyVerificationFailed(String),

    /// Rate limited
    RateLimited(String),

    /// TLS/SSL error
    TlsError(String),

    /// IO error
    Io(io::Error),

    /// Other error
    Other(String),
}

impl fmt::Display for ConnectionError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            ConnectionError::DnsResolutionFailed(host) => {
                write!(f, "Could not resolve hostname: {host}")
            }
            ConnectionError::ConnectionRefused(host) => {
                write!(f, "Connection refused by {host}")
            }
            ConnectionError::Timeout(msg) => write!(f, "Connection timed out: {msg}"),
            ConnectionError::NetworkUnreachable(msg) => write!(f, "Network unreachable: {msg}"),
            ConnectionError::HostUnreachable(host) => write!(f, "Host unreachable: {host}"),
            ConnectionError::ConnectionClosed(msg) => write!(f, "Connection closed: {msg}"),
            ConnectionError::ProtocolMismatch(msg) => write!(f, "Protocol mismatch: {msg}"),
            ConnectionError::HostKeyVerificationFailed(msg) => {
                write!(f, "Host key verification failed: {msg}")
            }
            ConnectionError::RateLimited(msg) => write!(f, "Rate limited: {msg}"),
            ConnectionError::TlsError(msg) => write!(f, "TLS error: {msg}"),
            ConnectionError::Io(err) => write!(f, "IO error: {err}"),
            ConnectionError::Other(msg) => write!(f, "Connection error: {msg}"),
        }
    }
}

impl std::error::Error for ConnectionError {
    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
        match self {
            ConnectionError::Io(err) => Some(err),
            _ => None,
        }
    }
}

impl From<io::Error> for ConnectionError {
    fn from(err: io::Error) -> Self {
        ConnectionError::Io(err)
    }
}

/// Error type for rate limiting.
///
/// This error is returned when a rate limit is exceeded.
#[derive(Debug, Clone)]
pub struct RateLimitError {
    /// The identifier that was rate limited (e.g., hostname, IP)
    pub identifier: String,
    /// Estimated wait time in seconds before retry
    pub wait_seconds: f64,
}

impl RateLimitError {
    /// Create a new rate limit error.
    ///
    /// # Arguments
    ///
    /// * `identifier` - The identifier that was rate limited
    /// * `wait_seconds` - Estimated wait time before retry
    pub fn new(identifier: impl Into<String>, wait_seconds: f64) -> Self {
        Self {
            identifier: identifier.into(),
            wait_seconds,
        }
    }
}

impl fmt::Display for RateLimitError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(
            f,
            "Rate limit exceeded for '{}'. Please wait {:.1} seconds before retrying.",
            self.identifier, self.wait_seconds
        )
    }
}

impl std::error::Error for RateLimitError {}

/// A result type using our shared error types.
pub type SharedResult<T> = Result<T, Box<dyn std::error::Error + Send + Sync>>;

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_validation_error() {
        let err = ValidationError::new("username", "contains spaces");
        assert_eq!(err.field, "username");
        assert!(err.to_string().contains("Validation error"));

        let empty_err = ValidationError::empty("password");
        assert!(empty_err.message.contains("cannot be empty"));

        let long_err = ValidationError::too_long("hostname", 253);
        assert!(long_err.message.contains("253"));
    }

    #[test]
    fn test_auth_error_display() {
        let err = AuthError::InvalidCredentials;
        assert!(err.to_string().contains("Invalid credentials"));

        let method_err = AuthError::MethodNotSupported("kerberos".to_string());
        assert!(method_err.to_string().contains("kerberos"));
    }

    #[test]
    fn test_connection_error() {
        let err = ConnectionError::ConnectionRefused("example.com:22".to_string());
        assert!(err.to_string().contains("Connection refused"));

        let io_err = ConnectionError::from(io::Error::new(io::ErrorKind::NotFound, "test"));
        assert!(io_err.to_string().contains("IO error"));
    }

    #[test]
    fn test_rate_limit_error() {
        let err = RateLimitError::new("192.168.1.1", 5.5);
        assert!(err.to_string().contains("192.168.1.1"));
        assert!(err.to_string().contains("5.5"));
    }
}