boat 0.2

data/.gitignore

@@ -0,0 +1,7 @@
+repositories/
+tmp/
+.*.swp
+.swp
+pkg/*
+*.gem
+.bundle

data/Gemfile

@@ -0,0 +1,4 @@
+source :gemcutter
+
+# Specify your gem's dependencies in boat.gemspec
+gemspec

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks

data/bin/boat

@@ -0,0 +1,55 @@
+#!/usr/bin/ruby
+
+require 'rubygems'
+require 'boat'
+
+case command = ARGV.shift
+when 'server'
+  Boat::Server.new.run
+
+when 'put'
+  Boat::Put.new.run
+
+when 'configure', 'config'
+  config_file = ARGV.first || Boat::DEFAULT_CLIENT_CONFIGURATION_FILE
+
+  configuration = File.exists?(config_file) ? YAML.load(IO.read(config_file)) : {}
+  puts "Configuring #{config_file}\n\n"
+
+  [["Username", "username"], ["Key", "key"], ["Hostname", "host"]].each do |title, key|
+    print "#{title} [#{configuration[key]}] "
+    input = STDIN.gets.strip
+    configuration[key] = input unless input.empty?
+  end
+
+  File.open(config_file, "w") {|file| file.write configuration.to_yaml}
+
+
+else
+  puts "Unknown command #{command}\n\n" if command && !command.empty? && command != 'help'
+
+  puts <<-EOT
+Boat #{Boat::VERSION}
+Copyright 2011 Roger Nesbitt
+
+Boat is a file transfer server and client, made for backing up files.
+
+Server usage:
+
+    boat server [-c config_file]
+        Starts the boat server.
+        Uses /etc/boat.conf if config_file is not specified.
+
+Client usage:
+
+    boat configure [config_file]
+        Configures the username, key and hostname to use.  If no config
+        file is specified, ~/.boat.yml is used by default.
+
+    boat put [-v] [-c config_file] source_filename [destination_filename]
+        Uploads source_filename to the remote server.
+        source_filename may be '-' to upload from stdin, but in this case
+        a destination_filename must be specified.
+
+  EOT
+end

data/boat.gemspec

@@ -0,0 +1,20 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path("../lib/boat/version", __FILE__)
+
+Gem::Specification.new do |s|
+  s.name        = "boat"
+  s.version     = Boat::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Roger Nesbitt"]
+  s.email       = []
+  s.homepage    = "http://rubygems.org/gems/boat"
+  s.summary     = "File upload client and server specifically aimed at transferring already-encrypted backups"
+  s.description = s.summary
+
+  s.required_rubygems_version = ">= 1.3.6"
+  s.rubyforge_project         = "boat"
+
+  s.files        = `git ls-files`.split("\n")
+  s.executables  = `git ls-files`.split("\n").map{|f| f =~ /^bin\/(.*)/ ? $1 : nil}.compact
+  s.require_path = 'lib'
+end

data/lib/boat.rb

@@ -0,0 +1,11 @@
+module Boat
+  DEFAULT_PORT = 19184
+  DEFAULT_SERVER_CONFIGURATION_FILE = "/etc/boat.conf"
+  DEFAULT_CLIENT_CONFIGURATION_FILE = "#{ENV['HOME']}/.boat.yml"
+  DEFAULT_STORAGE_DIRECTORY = "/var/lib/boat"
+end
+
+require 'boat/version'
+require 'boat/client'
+require 'boat/server'
+require 'boat/put'

data/lib/boat/client.rb

@@ -0,0 +1,126 @@
+require 'hmac/sha2'
+require 'socket'
+
+class Boat::Client
+  Error = Class.new(StandardError)
+
+  def initialize(username, key, host, opts = {})
+    port = opts.fetch(:port, Boat::DEFAULT_PORT)
+    @key = key
+    @debug = opts.fetch(:debug, false)
+    @chunk_size = opts.fetch(:chunk_size, 1048576)
+
+    puts "[debug] connecting to #{host} port #{port}" if @debug
+    @socket = TCPSocket.new(host, port)
+    response = socket_gets.to_s
+    raise Error, response unless response =~ /^220/
+
+    puts "[debug] sending username" if @debug
+    socket_puts "user #{username}"
+    response = socket_gets.to_s
+    raise Error, response unless response =~ /^251 HMAC-SHA256 (.+)/
+
+    puts "[debug] sending password" if @debug
+    password_hash = HMAC::SHA256.hexdigest(key, $1)
+    socket_puts "pass #{password_hash}"
+    response = socket_gets.to_s
+    raise Error, response unless response =~ /^250/
+  end
+
+  def put(io, filename, size = nil, hash = nil)
+    encoded_filename = CGI.escape(filename)
+    puts "[debug] sending put command with filename #{encoded_filename}" if @debug
+    socket_puts "put #{encoded_filename}"
+    response = socket_gets.to_s
+    raise Error, response unless response =~ /^250/
+    server_salt = response.strip[4..-1]
+
+    size ||= io.respond_to?(:stat) ? io.stat.size : io.length
+
+    hash ||= if io.respond_to?(:path)
+      Digest::SHA256.file(io.path)
+    elsif !io.respond_to?(:read)
+      Digest::SHA256.hexdigest(io)
+    else
+      "-"
+    end
+
+    client_salt = [Digest::SHA256.digest((0..64).inject("") {|r, i| r << rand(256).chr})].pack("m").strip
+    signature = HMAC::SHA256.hexdigest(@key, "#{server_salt}#{encoded_filename}#{size}#{hash}#{client_salt}")
+
+    puts "[debug] sending data command" if @debug
+    socket_puts "data #{size} #{hash} #{client_salt} #{signature}"
+    response = socket_gets.to_s
+
+    # The server might already have the file with this hash - if so it'll return 255 at this point.
+    if matches = response.strip.match(/\A255 accepted ([0-9a-f]{64})\z/i)
+      confirm_hash = HMAC::SHA256.hexdigest(@key, "#{client_salt}#{hash}")
+      if matches[1] != confirm_hash
+        raise Error, "Incorrect server signature; the srver may be faking that it received the upload"
+      end
+      return size
+    end
+
+    raise Error, response unless response =~ /^253/
+
+    if io.respond_to?(:read)
+      digest = Digest::SHA256.new if hash == '-'
+      written = 0
+      while data = io.read(@chunk_size)
+        if @debug
+          print "[debug] sending data (#{written} / #{size} bytes)\r"
+          STDOUT.flush
+        end
+        digest << data if hash == '-'
+        @socket.write(data)
+        written += data.length
+      end
+    else
+      puts "[debug] sending data" if @debug
+      @socket.write(io)
+      digest << io
+    end
+
+    puts "[debug] data sent (#{size} bytes); waiting for response" if @debug
+    response = socket_gets.to_s
+
+    if response =~ /^254/ # we need to send the hash of the file because we didn't on the DATA line
+      hash = digest.to_s
+      signature = HMAC::SHA256.hexdigest(@key, "#{server_salt}#{encoded_filename}#{size}#{hash}#{client_salt}")
+
+      puts "[debug] sending confirm command" if @debug
+      socket_puts "confirm #{hash} #{signature}\n"
+      response = socket_gets.to_s
+    end
+
+    raise Error, response unless response && matches = response.strip.match(/\A255 accepted ([0-9a-f]{64})\z/i)
+
+    confirm_hash = HMAC::SHA256.hexdigest(@key, "#{client_salt}#{hash}")
+    if matches[1] != confirm_hash
+      raise Error, "Incorrect server signature; the srver may be faking that it received the upload"
+    end
+
+    size
+  end
+
+  def quit
+    puts "[debug] sending quit" if @debug
+    socket_puts "quit"
+    response = socket_gets
+    @socket.close
+  end
+
+  private
+  def socket_gets
+    data = @socket.gets
+    puts "[debug] < #{data}" if @debug
+    data
+  end
+
+  def socket_puts(data)
+    result = @socket.puts(data)
+    puts "[debug] > #{data}" if @debug
+    result
+  end
+end
+

data/lib/boat/put.rb

@@ -0,0 +1,46 @@
+require 'cgi'
+require 'yaml'
+
+class Boat::Put
+  def run
+    while ARGV.first && ARGV.first[0..0] == '-' && ARGV.first.length > 1
+      case opt = ARGV.shift
+      when '-v' then debug = true
+      when '-c' then config_file = ARGV.shift
+      else           raise "unknown commandline option #{opt}"
+      end
+    end
+
+    filename, destination_filename = ARGV
+
+    if filename == '-' && destination_filename.to_s.empty?
+      raise "you must specify a destination_filename if you are uploading from stdin"
+    end
+
+    destination_filename ||= File.basename(filename)
+    config_file ||= Boat::DEFAULT_CLIENT_CONFIGURATION_FILE
+
+    unless File.exists?(config_file)
+      raise "#{config_file} does not exist.  run boat configure"
+    end
+
+    configuration = YAML.load(IO.read(config_file))
+
+    if filename != '-' && !File.exists?(filename)
+      raise "#{filename} doesn't exist"
+    end
+
+    begin
+      client = Boat::Client.new(configuration["username"], configuration["key"], configuration["host"], :debug => debug)
+      if filename == '-'
+        client.put(STDIN, destination_filename)
+      else
+        File.open(filename, "r") {|file| client.put(file, destination_filename)}
+      end
+      client.quit
+    rescue Boat::Client::Error => e
+      STDERR.puts e.message
+      exit(1)
+    end
+  end
+end

data/lib/boat/server.rb

@@ -0,0 +1,291 @@
+require 'hmac/sha2'
+require 'eventmachine'
+require 'syslog'
+require 'digest'
+require 'fileutils'
+
+class Boat::Server
+  ConfigurationError = Class.new(StandardError)
+
+  attr_reader :configuration
+
+  module BoatServer
+    include EventMachine::Protocols::LineText2
+    NextCommand = Class.new(StandardError)
+    @@last_connection_id = 0
+
+    def initialize(configuration)
+      @configuration = configuration
+    end
+
+    def post_init
+      @@last_connection_id += 1
+      @connection_id = @@last_connection_id
+      @temporary_files = []
+      send_data "220 Boat Server #{Boat::VERSION}\n"
+    end
+
+    def receive_line(line)
+      match = line.match(/\A(\S*)(.*)?/)
+      command = match[1].downcase
+      args = match[2].strip if match[2] && !match[2].strip.empty?
+
+      begin
+        if %w(user pass put get data confirm quit).include?(command)
+          send("command_#{command}", args)
+        else
+          send_data "500 unknown command\n"
+        end
+      rescue NextCommand
+      end
+    end
+
+    def command_user(args)
+      if @authenticated
+        send_data "500 already authenticated\n"
+      elsif args.empty? || args.match(/[^a-z0-9_]/i)
+        send_data "500 invalid username\n"
+      else
+        @username = args
+        @login_salt = random_salt
+        send_data "251 HMAC-SHA256 #{@login_salt}\n"
+      end
+    end
+
+    def command_pass(args)
+      if @authenticated
+        send_data "500 already authenticated\n"
+      elsif @username.nil? || @login_salt.nil?
+        send_data "500 USER first\n"
+      else
+        user = @configuration.fetch("users", {}).fetch(@username, nil)
+        expected = HMAC::SHA256.hexdigest(user["key"], @login_salt) if user
+        if user && expected && args == expected
+          send_data "250 OK\n"
+          @user = user
+          @authenticated = true
+        else
+          @username = @login_salt = nil
+          send_data "401 invalid username or password\n"
+        end
+      end
+    end
+
+    def command_put(args)
+      check_authenticated!
+
+      if @user["access"] == "r"
+        send_data "400 no write access\n"
+      elsif @put
+        send_data "500 PUT already sent\n"
+      elsif !args.match(/\A[a-z0-9_.%+-]+\z/i) # filenames should be urlencoded
+        send_data "500 invalid filename\n"
+      else
+        if @user.fetch("versioning", true) == false && File.exists?("#{repository_path}/current.#{args}")
+          send_data "500 file already exists\n"
+        else
+          @put = {:state => "PUT", :filename => args, :server_salt => random_salt}
+          send_data "250 #{@put[:server_salt]}\n"
+        end
+      end
+    end
+
+    def command_data(args)
+      check_authenticated!
+
+      if @put.nil?
+        send_data "500 PUT first\n"
+      elsif @put[:state] != "PUT"
+        send_data "500 DATA already sent\n"
+      elsif (matches = args.match(/\A([0-9]+) ([0-9a-f]{64}|-) (\S+) ([0-9a-f]{64})\z/i)).nil?
+        send_data "500 invalid DATA command line; requires size, hash, new salt and signature\n"
+      else
+        size = matches[1].to_i
+        file_hash = matches[2].downcase
+        client_salt = matches[3]
+        signature = matches[4].downcase
+
+        if size >= 1<<31
+          send_data "500 size too large\n"
+        elsif signature != HMAC::SHA256.hexdigest(@user["key"], "#{@put.fetch(:server_salt)}#{@put.fetch(:filename)}#{size}#{file_hash}#{client_salt}")
+          send_data "500 signature is invalid\n"
+        elsif File.exists?(current_filename = "#{repository_path}/current.#{@put.fetch(:filename)}") && Digest::SHA256.file(current_filename).to_s == file_hash
+          signature = HMAC::SHA256.hexdigest(@user["key"], "#{client_salt}#{file_hash}")
+          send_data "255 accepted #{signature}\n"
+        else
+          @put[:temporary_id] = "#{Time.now.to_i}.#{Process.pid}.#{@connection_id}"
+          @put[:temporary_filename] = "#{@configuration["storage_path"]}/tmp/#{@put.fetch(:temporary_id)}"
+          @put.merge!(
+            :state => "DATA",
+            :size => size,
+            :hash => (file_hash unless file_hash == '-'),
+            :client_salt => client_salt,
+            :file_handle => File.open(@put[:temporary_filename], "w"),
+            :digest => Digest::SHA256.new)
+
+          @temporary_files << @put[:temporary_filename]
+
+          send_data "253 send #{size} bytes now\n"
+          set_binary_mode size
+        end
+      end
+    end
+
+    def receive_binary_data(data)
+      @put[:file_handle].write data
+      @put[:digest] << data
+    end
+
+    def receive_end_of_binary_data
+      @put[:file_handle].close
+
+      if @put.fetch(:hash).nil?
+        @put[:state] = "awaiting CONFIRM"
+        send_data "254 send hash confirmation\n"
+      else
+        complete_put
+      end
+    end
+
+    def command_confirm(args)
+      if @put.nil? || @put[:state] != "awaiting CONFIRM"
+        send_data "500 no need to send CONFIRM\n"
+      elsif (matches = args.match(/\A([0-9a-f]{64}) ([0-9a-f]{64})\z/i)).nil?
+        send_data "500 invalid CONFIRM command line; requires hash and signature\n"
+      else
+        file_hash = matches[1].downcase
+        signature = matches[2].downcase
+
+        if signature != HMAC::SHA256.hexdigest(@user["key"], "#{@put.fetch(:server_salt)}#{@put.fetch(:filename)}#{@put.fetch(:size)}#{file_hash}#{@put.fetch(:client_salt)}")
+          send_data "500 signature is invalid\n"
+          @put = nil
+        else
+          @put[:hash] = file_hash
+          complete_put
+        end
+      end
+    end
+
+    def complete_put
+      calculated_hash = @put.fetch(:digest).to_s
+
+      if @put.fetch(:hash) != calculated_hash
+        send_data "500 file hash does not match hash supplied by client\n"
+        File.unlink(@put.fetch(:temporary_filename))
+        @temporary_files.delete(@put.fetch(:temporary_filename))
+        return
+      end
+
+      FileUtils.mkdir_p(repository_path)
+      version_filename = "#{repository_path}/#{@put.fetch(:temporary_id)}.#{@put.fetch(:filename)}"
+      symlink_name = "#{repository_path}/current.#{@put.fetch(:filename)}"
+
+      if @user.fetch("versioning", true) == false && File.exists?(symlink_name)
+        send_data "500 file with same filename was uploaded before this upload completed\n"
+        File.unlink(@put.fetch(:temporary_filename))
+        @temporary_files.delete(@put.fetch(:temporary_filename))
+        return
+      end
+
+      File.rename(@put.fetch(:temporary_filename), version_filename)
+      @temporary_files.delete(@put.fetch(:temporary_filename))
+      begin
+        File.unlink(symlink_name) if File.symlink?(symlink_name)
+      rescue Errno::ENOENT
+      end
+      File.symlink(version_filename, symlink_name)
+
+      signature = HMAC::SHA256.hexdigest(@user["key"], "#{@put.fetch(:client_salt)}#{@put.fetch(:hash)}")
+      send_data "255 accepted #{signature}\n"
+    ensure
+      @put = nil
+    end
+
+    def command_get(args)
+      check_authenticated!
+      send_data "500 not implemented\n"
+    end
+
+    def command_quit(args)
+      send_data "221 bye\n"
+      close_connection_after_writing
+    end
+
+    def check_authenticated!
+      unless @authenticated
+        send_data "500 not authenticated\n"
+        raise NextCommand
+      end
+    end
+
+    def unbind
+      @temporary_files.each do |filename|
+        begin
+          File.unlink(filename)
+        rescue Errno::ENOENT
+        end
+      end
+    end
+
+    def random_salt
+      [Digest::SHA256.digest((0..64).inject("") {|r, i| r << rand(256).chr})].pack("m").strip
+    end
+
+    def repository_path
+      @user && "#{@configuration.fetch("storage_path")}/repositories/#{@user.fetch("repository")}"
+    end
+  end
+
+  def load_configuration
+    unless File.exists?(@config_file)
+      raise "configuration file #{config_file} does not exist"
+    end
+
+    configuration = YAML.load(IO.read(@config_file))
+    if configuration["users"].nil? || configuration["users"].empty?
+      raise "configuration file does not have any users defined in it"
+    end
+
+    configuration["storage_path"] ||= Boat::DEFAULT_STORAGE_DIRECTORY
+    FileUtils.mkdir_p("#{configuration["storage_path"]}/tmp")
+
+    @configuration.update(configuration)
+  rescue => e
+    raise ConfigurationError, e.message, $@
+  end
+
+  def run
+    trap('SIGINT') { exit }
+    trap('SIGTERM') { exit }
+
+    while ARGV.first && ARGV.first[0..0] == '-' && ARGV.first.length > 1
+      case opt = ARGV.shift
+      when '-c' then @config_file = ARGV.shift
+      else           raise "unknown commandline option #{opt}"
+      end
+    end
+
+    @config_file ||= Boat::DEFAULT_SERVER_CONFIGURATION_FILE
+    @configuration = {}
+    load_configuration
+
+    trap('SIGHUP') do
+      begin
+        load_configuration
+      rescue ConfigurationError => e
+        STDERR.puts "Could not reload configuration file: #{e.message}"
+      end
+    end
+
+    #Syslog.open 'boat'
+
+    File.umask(0077)
+    EventMachine.run do
+      EventMachine.start_server(
+        @configuration.fetch("listen_address", "localhost"),
+        @configuration.fetch("listen_port", Boat::DEFAULT_PORT),
+        BoatServer,
+        @configuration)
+    end
+  end
+end

data/lib/boat/version.rb

@@ -0,0 +1,3 @@
+module Boat
+  VERSION = "0.2"
+end

data/server.conf

@@ -0,0 +1,11 @@
+listen_address: localhost
+listen_port: 19184
+
+storage_path: /var/lib/boat
+
+users:
+  roger:
+    key: testtest
+    access: w
+    repository: test
+    versioning: true

metadata

@@ -0,0 +1,80 @@
+--- !ruby/object:Gem::Specification 
+name: boat
+version: !ruby/object:Gem::Version 
+  hash: 15
+  prerelease: 
+  segments: 
+  - 0
+  - 2
+  version: "0.2"
+platform: ruby
+authors: 
+- Roger Nesbitt
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-05-30 00:00:00 +12:00
+default_executable: 
+dependencies: []
+
+description: File upload client and server specifically aimed at transferring already-encrypted backups
+email: []
+
+executables: 
+- boat
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- Gemfile
+- README
+- Rakefile
+- bin/boat
+- boat.gemspec
+- lib/boat.rb
+- lib/boat/client.rb
+- lib/boat/put.rb
+- lib/boat/server.rb
+- lib/boat/version.rb
+- server.conf
+has_rdoc: true
+homepage: http://rubygems.org/gems/boat
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 23
+      segments: 
+      - 1
+      - 3
+      - 6
+      version: 1.3.6
+requirements: []
+
+rubyforge_project: boat
+rubygems_version: 1.4.2
+signing_key: 
+specification_version: 3
+summary: File upload client and server specifically aimed at transferring already-encrypted backups
+test_files: []
+