em-wssh 0.5.0 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1db6dba2f0f3dff81eed7b595806938e0bd8f064
-  data.tar.gz: 473cd9aaa813c0f21a5f178e03a90cf52acde42c
+  metadata.gz: 1ef81d191ad0809a51504e1f789f5e40f6c882be
+  data.tar.gz: da12d0d652fccf49292e6ee59917b607694d7af6
 SHA512:
-  metadata.gz: c01b25a7cf340ddb7f9ad0aadc5feaee60afc1f6acbb1660122eb3724011d8e2062abf02db60144052b23be6113584cd848cd02338806108894058820d78542b
-  data.tar.gz: 52d414591dfaf37c7c65c3a4610974f0ad491bb8c9d7b1d0bdfbfec3da832328b2189230638f0f72676476f5e4b2262c03908a2e4456806c19cfb359494fd20f
+  metadata.gz: 3ed9868c3ed61ce056cfdc261a391ce2f8b5607fb8ff8cc99efe94babf248e316698a988ef97f160e2cf7e1f0213503956e90d27f7f73702f3f181d90470e82f
+  data.tar.gz: d60cee8efb8911ce45bfb880e036dff03ba8e65dd334e3c6ccf007de95248e8cd161c473384a6b18aff20b4ce31cad1429581079373e5cd7156a5df1eeefa839

data/README.md

@@ -11,7 +11,7 @@ Ruby version of ssh thru websocket proxying.
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'em-wssh' if Gem.win_platform?
+gem 'em-wssh'
 ```
 
 And then execute:
@@ -50,7 +50,7 @@ Running client from terminal is not very useful. It should be called by ssh clie
 ssh -o ProxyCommand='wssh client wss://server.host.com/ssh/%h' sshd.local
 ```
 
-By default WSSH server has 60 seconds timeout. To prevent idle connection to drop,
+By default nginx has 60 seconds timeout. To prevent idle connection to drop,
 one can use `ServerAliveInterval` parameter:
 
 ```sh
@@ -92,22 +92,26 @@ s.loop!
 ```ruby
 require 'em/wssh/client'
 
-s=EventMachine::Wssh::Client
-s.options[:uri]='wss://server.host.com/ssh/sshd.local'
-s.loop!
+c=EventMachine::Wssh::Client
+c.options[:uri]='wss://server.host.com/ssh/sshd.local'
+c.loop!
 ```
 
 ```ruby
 require 'em/wssh/connect'
 
-s=EventMachine::Wssh::Connect
-s.options.merge! base: '.', all: true, uri: 'wss://server.host.com/ssh/sshd.local'
-s.loop!
+p=EventMachine::Wssh::Connect
+p.options.merge! base: '.', all: true, uri: 'wss://server.host.com/ssh/sshd.local'
+p.loop!
 ```
 
+Use `go!` method instead `loop!` to mimic cli behavour (command line parsing).
+
 Some options are not accesible to `wssh` command and can be used only programmaticaly.
 
-Eg, EventMachine::Wssh::Connect has option `onlisten` that allows listening to random port:
+### Ephemeral module
+
+Eg, EventMachine::Wssh::Connect has option `onlisten` that allows listening to ephemeral port:
 
 ```ruby
 #!/usr/bin/env ruby
@@ -134,6 +138,35 @@ x=Net::SSH.start 'sshd.local', 'root',
 puts x.exec! 'hostname'
 ```
 
+Unfortunately, EventMachine fails to run in thread inside Capistrano.
+But Connect proxy still can run in separate process.
+To do this, module Ephemeral was forged:
+
+```ruby
+task :wssh do
+  require 'net/ssh/proxy/http'
+  require 'em/wssh/ephemeral'
+
+  port = EventMachine::Wssh::Ephemeral.allocate 'ws://localhost:4567/test'
+
+  proxy = Net::SSH::Proxy::HTTP.new 'localhost', port
+
+  roles(:all).each{|h| h.wssh_proxy proxy }
+end
+
+class SSHKit::Host
+  def wssh_proxy proxy
+    @ssh_options[:proxy]=proxy
+  end
+end
+```
+Use this task `cap stage wssh task(s)...` to tunnel all Capistrano ssh traffic through
+WSSH server.
+
+In addition, if WSSH URL is secure (wss: or https:) and Ephemeral module is running on Windows,
+it automagically starts small Node.js process that wraps traffic into TLS.
+This behavour can be disabled by setting Ephemeral.options[:tlswrap]=false
+
 ## Data flow
 
 Normal SSH session is very simple:

data/lib/em/wssh.rb

@@ -1,5 +1,5 @@
 module EventMachine
   module Wssh
-    VERSION = "0.5.0"
+    VERSION = "0.6.0"
   end
 end

data/lib/em/wssh/client.rb

@@ -12,7 +12,7 @@ module Client
     puts <<-EOT
 WSSH client
 
-Usage: #{Exe.biname} ws[s]://host[:port]/uri
+#{Exe.usage} ws[s]://host[:port]/uri
     EOT
     exit 1
   end

data/lib/em/wssh/connect.rb

@@ -22,7 +22,7 @@ module Connect
     puts <<-EOF
 Simple HTTP CONNECT proxy to WSSH daemon
 
-Usage: #{Exe.biname} [options...] ws[s]://host[:port]/uri
+#{Exe.usage} [options...] ws[s]://host[:port]/uri
     EOF
     helptions
   end
@@ -66,6 +66,12 @@ Usage: #{Exe.biname} [options...] ws[s]://host[:port]/uri
     def onopen
       log "Connected to WSSHD"
       http.onopen
+      pinger
+    end
+
+    def pinger
+      return unless t=Connect.options[:ping]
+      @timer=EM::PeriodicTimer.new(t){@ws.ping if @ws}
     end
 
     def onmessage data
@@ -85,6 +91,7 @@ Usage: #{Exe.biname} [options...] ws[s]://host[:port]/uri
     def bye
       http.close_connection if http
       @ws.close if @ws
+      @timer.cancel if @timer
       instance_variables.each{|v| remove_instance_variable v if '@count'!=v.to_s}
     end
   end

data/lib/em/wssh/ephemeral.rb

@@ -0,0 +1,119 @@
+require_relative 'service'
+
+module EventMachine::Wssh
+class Ephemeral
+  extend Service
+
+  @options={
+    tlswrap: true,
+    base: '.',
+    pid: 'tmp/pids/ephemeral.pid',
+    log: 'log/ephemeral.log',
+    tls: 'log/tls.log',
+  }
+
+  %i(log options mkdir).each do |meth|
+    define_method meth do |*args|
+      self.class.send meth, *args
+    end
+  end
+
+  def initialize
+    require 'socket'
+    @sock=Addrinfo.tcp('127.0.0.1', 0).listen 1
+  end
+
+  def myport
+    Socket.unpack_sockaddr_in(@sock.getsockname).first
+  end
+
+  def rport
+    sock=@sock.accept.first
+    at_exit{sock}
+    sock.gets.to_i
+  end
+
+  def tlswrap uri
+    return uri unless options[:tlswrap] and Gem.win_platform?
+    require 'uri'
+    z = URI uri
+    return uri unless %w(wss https).include? z.scheme
+    log "Running TLS Wrapper..."
+    spawn 'node', '.', myport.to_s, z.host,
+      chdir: __dir__,
+      %i(out err)=>File.open(mkdir(:tls), 'a')
+    z.scheme='ws'
+    z.host='localhost'
+    z.port=rport
+    z.to_s
+  end
+
+  def allocate uri
+    uri = tlswrap uri
+
+    log "Running WSSH proxy..."
+    spawn *%w(bundle exec wssh ephemeral), myport.to_s, uri,
+      %i(out err)=>File.open(mkdir(:log), 'a')
+
+    rport
+  end
+
+  def self.allocate uri
+    new.allocate uri
+  end
+
+  def self.help
+    require_relative 'exe'
+    puts <<-EOF
+Run HTTP proxy on ephemeral port
+
+#{Exe.usage} <port> <uri>
+
+For internal use.
+    EOF
+    exit
+  end
+
+  def self.go!
+    help if 2!=ARGV.length
+    require_relative 'connect'
+
+    pid
+
+    Connect.options.merge!(
+      port: 0,
+      uri: ARGV[1],
+      ping: 50,
+      onlisten: Proc.new{|port| onlisten port},
+    )
+    Connect.loop!
+  end
+
+  module Parent
+    def initialize port
+      @port=port
+      @c=EM::Wssh::Connect
+      log "Listening to port", port
+    end
+
+    def log *args
+      @c.log *args
+    end
+
+    def post_init
+      log "Connected to parent"
+      send_data "#{@port}\n"
+    end
+
+    def unbind
+      log "Parent disconnected"
+      EM.stop_event_loop
+    end
+  end
+
+  def self.onlisten port
+    EM.connect 'localhost', ARGV[0], Parent, port
+  end
+
+end
+end

data/lib/em/wssh/exe.rb

@@ -22,6 +22,7 @@ module Exe
       .map{|n|m.const_get n}
       .grep(Module)
       .select{|m| m.respond_to? :go!}
+      .select{|m| m.const_defined? :Title}
       .map{|m| [m.name.split(/\W+/).last.downcase, m]}
       .sort_by{|x| x[0]}
     ]
@@ -39,8 +40,8 @@ module Exe
     exit
   end
 
-  def self.biname
-    "wssh "+File.basename(caller_locations.first.path).sub(/[.][^.]*\Z/, '')
+  def self.usage
+    "Usage: wssh "+File.basename(caller_locations.first.path).sub(/[.][^.]*\Z/, '')
   end
 end
 end

data/lib/em/wssh/help.rb

@@ -1,46 +1,46 @@
-require_relative 'exe'
-
-module EventMachine::Wssh
-module Help
-
-  Title='Show this help'
-
-  def self.go!
-    if mod = Exe.command?(ARGV.shift)
-      command mod
-    else
-      top
-    end
-  end
-
-  def self.top
-    require_relative 'all'
-
-    puts <<-EOT
-WSSH suite v#{VERSION}
-
-Usage: wssh command [parameters...]
-
-Available commands:
-
-    EOT
-    Exe.commands.each{|cmd, mod| puts "  wssh #{cmd}\t#{mod::Title rescue nil}"}
-  end
-
-  def self.command mod
-    if mod.respond_to? :help
-      mod.help
-    else
-      puts mod::Title
-    end
-  end
-
-  def self.help
-    puts <<-EOT
-Shows help for WSSH suite or individual commands
-
-Usage: #{Exe.biname} [command]
-    EOT
-  end
-end
-end
+require_relative 'exe'
+
+module EventMachine::Wssh
+module Help
+
+  Title='Show this help'
+
+  def self.go!
+    if mod = Exe.command?(ARGV.shift)
+      command mod
+    else
+      top
+    end
+  end
+
+  def self.top
+    require_relative 'all'
+
+    puts <<-EOT
+WSSH suite v#{VERSION}
+
+Usage: wssh command [parameters...]
+
+Available commands:
+
+    EOT
+    Exe.commands.each{|cmd, mod| puts "  wssh #{cmd}\t#{mod::Title}"}
+  end
+
+  def self.command mod
+    if mod.respond_to? :help
+      mod.help
+    else
+      puts mod::Title
+    end
+  end
+
+  def self.help
+    puts <<-EOT
+Shows help for WSSH suite or individual commands
+
+#{Exe.usage} [command]
+    EOT
+  end
+end
+end

data/lib/em/wssh/index.js

@@ -0,0 +1,212 @@
+//
+// Simple stunnel for Websocket
+//
+net = require('net')
+ssl = require('tls')
+
+if(4!=process.argv.length) help()
+
+var Host = process.argv[3]
+
+net.createServer(Req)
+.listen(0, On)
+
+var
+  myport,
+  Count=0,
+  _log=log
+
+function help()
+{
+  path = require('path')
+  log('Usage:', path.basename(__filename), 'port host')
+  process.exit()
+}
+
+function On()
+{
+  myport = this.address().port;
+  log("Listening", this.address())
+  net.connect(process.argv[2], 'localhost')
+    .on('connect', pConnect)
+    .on('end', pEnd)
+    .on('error', pError)
+}
+
+function pConnect()
+{
+  log('Connected to parent')
+  this.write(''+myport+'\n')
+}
+
+function pEnd()
+{
+  log('Parent closed')
+  process.exit()
+}
+
+function pError(err)
+{
+  log('Parent error', err)
+  process.exit()
+}
+
+function Req(conn)
+{
+  var
+    No=++Count, hs=[], prolog, body, tls
+
+  function log()
+  {
+    _log.apply(this, ['<'+No+'>'].concat([].slice.call(arguments)))
+  }
+
+  log("Client connected from", conn.remoteAddress+':'+conn.remotePort)
+
+  conn
+  .on('readable', cRead)
+  .on('end', cClose)
+  .on('error', cError)
+
+  function cRead()
+  {
+    var x
+    while(null!=(x=this.read()))
+      body ? queue(x) : headers(x)
+  }
+
+  function cClose()
+  {
+    log('Client disconnected')
+    bye()
+  }
+
+  function cError(e)
+  {
+    log('Client error', e)
+    bye()
+  }
+
+  function bye()
+  {
+    conn.end()
+    if(tls) tls.end()
+  }
+
+  function queue(data)
+  {
+    if(Array.isArray(body))
+      body.push(data)
+    else
+      send(data)
+  }
+
+  function headers(data)
+  {
+    prolog = prolog ? Buffer.concat([prolog, data]) : data
+    while(splitHdrs()){}
+  }
+
+  function splitHdrs()
+  {
+    for(var cr, L=prolog.length, i=0; i<L; i++)
+      if(10==prolog[i])
+      {
+        L = prolog
+        prolog = prolog.slice(i+1)
+        header(L.slice(0, i-(cr ? 1 : 0)).toString())
+        return true
+      }
+      else
+        cr = 13==prolog[i]
+  }
+
+  function header(line)
+  {
+    if(!line.length)
+      tlsConnect()
+    else
+      hs.push(line)
+  }
+
+  function tlsConnect()
+  {
+    body=[prolog]
+    prolog=new Buffer(0)
+    patchHeaders()
+    tls = ssl.connect({
+      servername: Host,
+      host: Host,
+      port: 443
+    })
+    tls
+      .on('secureConnect', tConnect)
+      .on('readable', tData)
+      .on('end', tEnd)
+      .on('error', tError)
+  }
+
+  function patchHeaders()
+  {
+    if(!hs.length) return
+    var verb = hs.shift()
+    hs=['Host', 'Origin']
+      .map(hostHeader)
+      .concat(hs.filter(filterHeader))
+    hs.unshift(verb)
+  }
+
+  function send(data)
+  {
+    if(data.length)
+      tls.write(data)
+  }
+
+  function tConnect()
+  {
+    log('TLS connected', 'Auth='+this.authorized,'CN='+this.getPeerCertificate().subject.CN)
+    send(hs.join('\r\n')+'\r\n\r\n')
+    body.forEach(send)
+    body = true
+  }
+
+  function tData()
+  {
+    var x
+    while(null!=(x=this.read()))
+      if(x.length) conn.write(x)
+  }
+
+  function tError(err)
+  {
+    log('TLS error', err)
+    bye()
+  }
+
+  function tEnd()
+  {
+    log('TLS closed')
+    bye()
+  }
+}
+
+function hostHeader(s)
+{
+  return s+': '+Host
+}
+
+function filterHeader(s)
+{
+  return !/^(?:host|origin):/i.test(s)
+}
+
+function log()
+{
+  var
+    d = new Date()
+    console.info.apply(
+      console,
+      ['['+d.toISOString().replace('T', ' ').replace(/Z$/, '')
+          +d.toTimeString().split(/\s+/)[1].replace(/^\w+/, ' ')+']']
+      .concat([].slice.call(arguments)))
+}

data/lib/em/wssh/server.rb

@@ -22,7 +22,7 @@ module Server
     puts <<-EOF
 Proxy ssh connection through websocket
 
-Usage: #{Exe.biname} [options...]
+#{Exe.usage} [options...]
 EOF
     helptions
   end
@@ -94,6 +94,12 @@ EOF
       end
       log "Connecting to", host
       EM.connect host, 22, Ssh, self
+      pinger
+    end
+
+    def pinger
+      return unless t=Server.options[:ping]
+      @timer=EM::PeriodicTimer.new(t){ws.ping if ws}
     end
 
     def ondata msg
@@ -148,6 +154,7 @@ EOF
     def bye
       ssh.close_connection if ssh
       ws.close if ws
+      @timer.cancel if @timer
       instance_variables.each{|v| remove_instance_variable v if '@count'!=v.to_s}
     end
   end

data/lib/em/wssh/service.rb

@@ -17,6 +17,7 @@ module Service
   -d --daemon      Run daemonized
   -h --help        Show this help
   -l --listen=port Listen to port
+  -p --ping[=sec]  Periodic ping
   -v --version     Show version
 EOF
     exit 1
@@ -30,6 +31,7 @@ EOF
       ['-d', '--daemon', GetoptLong::NO_ARGUMENT],
       ['-a', '--all', GetoptLong::NO_ARGUMENT],
       ['-v', '--version', GetoptLong::NO_ARGUMENT],
+      ['-p', '--ping', GetoptLong::OPTIONAL_ARGUMENT],
     )
     begin
       opts.each do |opt, arg|
@@ -42,6 +44,9 @@ EOF
           options[:base]=File.expand_path arg
         when '-a'
           options[:host]='0.0.0.0'
+        when '-p'
+          arg=arg.to_i
+          options[:ping]= arg<1 ? 50 : arg
         when '-v'
           puts VERSION
           exit 1

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: em-wssh
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.6.0
 platform: ruby
 authors:
 - Stas Ukolov
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-06 00:00:00.000000000 Z
+date: 2015-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: em-websocket
@@ -87,8 +87,10 @@ files:
 - lib/em/wssh/all.rb
 - lib/em/wssh/client.rb
 - lib/em/wssh/connect.rb
+- lib/em/wssh/ephemeral.rb
 - lib/em/wssh/exe.rb
 - lib/em/wssh/help.rb
+- lib/em/wssh/index.js
 - lib/em/wssh/server.rb
 - lib/em/wssh/service.rb
 - lib/em/wssh/version.rb