em-wssh 0.6.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1ef81d191ad0809a51504e1f789f5e40f6c882be
-  data.tar.gz: da12d0d652fccf49292e6ee59917b607694d7af6
+  metadata.gz: bd71c6b444c01d0a53369ee3a19b4e249117fa87
+  data.tar.gz: a0e23c5ad1d09084ae419ff505358ca87094aad1
 SHA512:
-  metadata.gz: 3ed9868c3ed61ce056cfdc261a391ce2f8b5607fb8ff8cc99efe94babf248e316698a988ef97f160e2cf7e1f0213503956e90d27f7f73702f3f181d90470e82f
-  data.tar.gz: d60cee8efb8911ce45bfb880e036dff03ba8e65dd334e3c6ccf007de95248e8cd161c473384a6b18aff20b4ce31cad1429581079373e5cd7156a5df1eeefa839
+  metadata.gz: 3e807d7f77ffaed65ce0e065f2266735fe3290e2e01bef37e83ebcdaaa81c99bfb3ce599ab12f7751d11f726c3693b4023210b7ec78621e4f825e90b4013b6f5
+  data.tar.gz: a4576f6827cd4722b4a7fb64f54558386a4c4bab8ece93db875239ce4150ea086e9c23b3287b3b6171a078c57d58c5b57218773d561de51f5617b94a9a964085

data/README.md

@@ -34,6 +34,23 @@ Single command `wssh` is exported. Sometimes it should be `bundle exec wssh`.
 
 To run WSSH server say `wssh server`.
 
+You can set some options for server, ie:
+
+Most useful option is `--base=path` (or `-b`). It set path, where server files stored.
+By default this path is where gem installed. To use current directory say `wssh server -b.`
+
+This `base` path is used to locate `hosts.yml` file, which maps host requested by user to real servers.
+See [sample](hosts.yml). One can define direct map or regexp-style mapping (denoted by // with optional //i).
+If multiple regexps match user host, the last one wins.
+To disable connecting to host (or all hosts for regexp) map it to null or false.
+
+The `base` also is root for log file and pid file, created by server.
+
+Parameters `--listen=port` (`-l`) and `--all` (`-a`) define on what address server will listen.
+By default it is `localhost:4567`.
+
+Parameter `--daemon` will force server to go in background.
+
 ### nginx
 
 Directly exposing WSSH server to Internet is not a good idea.
@@ -77,6 +94,11 @@ x=Net::SSH.start 'sshd.local', 'root',
 puts x.exec! 'hostname'
 ```
 
+Proxy allows the same command line parameters as server.
+For proxy parameter `--ping` may be useful,
+it forces proxy to periodically send Websocket ping packets to server
+for nginx to not drop connection on timeout.
+
 ## API
 
 WSSH server, client or proxy can be start programmaticaly:

data/em-wssh.gemspec

@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "em-websocket"    # server side
   spec.add_dependency "faye-websocket"  # client side
+  spec.add_dependency "openssl-win-root" if Gem.win_platform?
 
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rake"

data/lib/em/wssh.rb

@@ -1,5 +1,5 @@
 module EventMachine
   module Wssh
-    VERSION = "0.6.0"
+    VERSION = "0.7.0"
   end
 end

data/lib/em/wssh/connect.rb

@@ -1,4 +1,5 @@
 require_relative 'service'
+require_relative 'uri'
 
 module EventMachine::Wssh
 module Connect
@@ -167,6 +168,7 @@ Simple HTTP CONNECT proxy to WSSH daemon
   end
 
   def self.listen!
+    options[:uri]=TLS.wrap options[:uri]
     conn=EM.start_server options[:host], options[:port], Http
     options[:onlisten].call Socket.unpack_sockaddr_in(EM.get_sockname conn)[0] if options[:onlisten]
   end

data/lib/em/wssh/ephemeral.rb

@@ -5,11 +5,9 @@ class Ephemeral
   extend Service
 
   @options={
-    tlswrap: true,
     base: '.',
     pid: 'tmp/pids/ephemeral.pid',
     log: 'log/ephemeral.log',
-    tls: 'log/tls.log',
   }
 
   %i(log options mkdir).each do |meth|
@@ -33,24 +31,7 @@ class Ephemeral
     sock.gets.to_i
   end
 
-  def tlswrap uri
-    return uri unless options[:tlswrap] and Gem.win_platform?
-    require 'uri'
-    z = URI uri
-    return uri unless %w(wss https).include? z.scheme
-    log "Running TLS Wrapper..."
-    spawn 'node', '.', myport.to_s, z.host,
-      chdir: __dir__,
-      %i(out err)=>File.open(mkdir(:tls), 'a')
-    z.scheme='ws'
-    z.host='localhost'
-    z.port=rport
-    z.to_s
-  end
-
   def allocate uri
-    uri = tlswrap uri
-
     log "Running WSSH proxy..."
     spawn *%w(bundle exec wssh ephemeral), myport.to_s, uri,
       %i(out err)=>File.open(mkdir(:log), 'a')

data/lib/em/wssh/service.rb

@@ -6,7 +6,7 @@ module Service
 
   def log *msg
     msg.unshift "[#{Time.now}]"
-    puts msg*' '
+    print msg*' '+"\n"
   end
 
   def helptions

data/lib/em/wssh/tls.rb

@@ -0,0 +1,110 @@
+require 'socket'
+require 'openssl'
+require 'openssl/win/root' if Gem.win_platform?
+
+require_relative 'service'
+
+module EventMachine::Wssh
+class TLS
+  extend Service
+
+  Chunk=0x10000
+
+  def self.run! host
+    @@host=host
+    s=TCPServer.new '127.0.0.1', 0
+    log "WSTunnel on #{s.addr} -> #{host}"
+    Thread.new do
+      new s.accept while true
+    end
+    s.addr[1]
+  end
+
+  def self.count
+    @n||=0
+    @n+=1
+  end
+
+  def initialize client
+    @count=self.class.count
+    @client=client
+    @t1=Thread.new{cloop!}
+  end
+
+  def log *msg
+    self.class.log "<&#{@count}>", *msg
+  end
+
+  def cloop!
+    begin
+      log "Connected from", @client.peeraddr
+      cloop
+    rescue=>e
+      log "Client error", e
+    ensure
+      log "Client disconnected"
+      @client.close
+      @t2.exit if @t2
+    end
+  end
+
+  def headerz
+    r=[]
+    until @client.eof
+      s=@client.gets.strip
+      break if 0==s.length
+      r << s
+    end
+    r
+  end
+
+  def headerz! headers
+    return headers if headers.length<1
+    verb=headers.shift
+    [verb]+
+    %w(Host Origin).map{|h| "#{h}: #{@@host}"}+
+    headers.reject{|h| /^(?:host|origin):/i.match h}
+  end
+
+  def connect!
+    srv=Socket.tcp @@host, 443
+    ctx=OpenSSL::SSL::SSLContext.new
+    ctx.set_params verify_mode: OpenSSL::SSL::VERIFY_PEER
+    srv=OpenSSL::SSL::SSLSocket.new srv, ctx
+    srv.hostname=@@host if srv.respond_to? :hostname=
+    srv.connect
+    srv
+  end
+
+  def cloop
+    h=headerz! headerz
+    if h.length<1
+      @client.write "HTTP/1.0 500 Invalid request\r\n"
+      return
+    end
+    @headers=h
+    @server=connect!
+    @t2=Thread.new{sloop!}
+    @server.write @client.readpartial Chunk until @client.eof
+  end
+
+  def sloop!
+    begin
+      log "Connected to server;", "Verify=#{@server.verify_result}"
+      sloop
+    rescue=>e
+      log "Server error", e
+    ensure
+      log "Server disconnected"
+      @server.close
+      @t1.exit
+    end
+  end
+
+  def sloop
+    @server.write @headers*"\r\n"+"\r\n"*2
+    @headers=nil
+    @client.write @server.readpartial Chunk until @server.eof
+  end
+end
+end

data/lib/em/wssh/uri.rb

@@ -0,0 +1,20 @@
+require 'uri'
+
+require_relative '../wssh'
+
+module EventMachine::Wssh
+class TLS
+
+  def self.wrap uri
+    return uri unless Gem.win_platform?
+    z = URI uri
+    return uri unless %w(wss https).include? z.scheme
+    require_relative 'tls'
+    z.port=TLS.run! z.host
+    z.scheme='ws'
+    z.host='localhost'
+    z.to_s
+  end
+
+end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: em-wssh
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Stas Ukolov
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-11 00:00:00.000000000 Z
+date: 2015-03-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: em-websocket
@@ -38,6 +38,20 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: openssl-win-root
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -90,9 +104,10 @@ files:
 - lib/em/wssh/ephemeral.rb
 - lib/em/wssh/exe.rb
 - lib/em/wssh/help.rb
-- lib/em/wssh/index.js
 - lib/em/wssh/server.rb
 - lib/em/wssh/service.rb
+- lib/em/wssh/tls.rb
+- lib/em/wssh/uri.rb
 - lib/em/wssh/version.rb
 - nginx/ssh
 homepage: https://github.com/ukoloff/em-wssh

data/lib/em/wssh/index.js

@@ -1,212 +0,0 @@
-//
-// Simple stunnel for Websocket
-//
-net = require('net')
-ssl = require('tls')
-
-if(4!=process.argv.length) help()
-
-var Host = process.argv[3]
-
-net.createServer(Req)
-.listen(0, On)
-
-var
-  myport,
-  Count=0,
-  _log=log
-
-function help()
-{
-  path = require('path')
-  log('Usage:', path.basename(__filename), 'port host')
-  process.exit()
-}
-
-function On()
-{
-  myport = this.address().port;
-  log("Listening", this.address())
-  net.connect(process.argv[2], 'localhost')
-    .on('connect', pConnect)
-    .on('end', pEnd)
-    .on('error', pError)
-}
-
-function pConnect()
-{
-  log('Connected to parent')
-  this.write(''+myport+'\n')
-}
-
-function pEnd()
-{
-  log('Parent closed')
-  process.exit()
-}
-
-function pError(err)
-{
-  log('Parent error', err)
-  process.exit()
-}
-
-function Req(conn)
-{
-  var
-    No=++Count, hs=[], prolog, body, tls
-
-  function log()
-  {
-    _log.apply(this, ['<'+No+'>'].concat([].slice.call(arguments)))
-  }
-
-  log("Client connected from", conn.remoteAddress+':'+conn.remotePort)
-
-  conn
-  .on('readable', cRead)
-  .on('end', cClose)
-  .on('error', cError)
-
-  function cRead()
-  {
-    var x
-    while(null!=(x=this.read()))
-      body ? queue(x) : headers(x)
-  }
-
-  function cClose()
-  {
-    log('Client disconnected')
-    bye()
-  }
-
-  function cError(e)
-  {
-    log('Client error', e)
-    bye()
-  }
-
-  function bye()
-  {
-    conn.end()
-    if(tls) tls.end()
-  }
-
-  function queue(data)
-  {
-    if(Array.isArray(body))
-      body.push(data)
-    else
-      send(data)
-  }
-
-  function headers(data)
-  {
-    prolog = prolog ? Buffer.concat([prolog, data]) : data
-    while(splitHdrs()){}
-  }
-
-  function splitHdrs()
-  {
-    for(var cr, L=prolog.length, i=0; i<L; i++)
-      if(10==prolog[i])
-      {
-        L = prolog
-        prolog = prolog.slice(i+1)
-        header(L.slice(0, i-(cr ? 1 : 0)).toString())
-        return true
-      }
-      else
-        cr = 13==prolog[i]
-  }
-
-  function header(line)
-  {
-    if(!line.length)
-      tlsConnect()
-    else
-      hs.push(line)
-  }
-
-  function tlsConnect()
-  {
-    body=[prolog]
-    prolog=new Buffer(0)
-    patchHeaders()
-    tls = ssl.connect({
-      servername: Host,
-      host: Host,
-      port: 443
-    })
-    tls
-      .on('secureConnect', tConnect)
-      .on('readable', tData)
-      .on('end', tEnd)
-      .on('error', tError)
-  }
-
-  function patchHeaders()
-  {
-    if(!hs.length) return
-    var verb = hs.shift()
-    hs=['Host', 'Origin']
-      .map(hostHeader)
-      .concat(hs.filter(filterHeader))
-    hs.unshift(verb)
-  }
-
-  function send(data)
-  {
-    if(data.length)
-      tls.write(data)
-  }
-
-  function tConnect()
-  {
-    log('TLS connected', 'Auth='+this.authorized,'CN='+this.getPeerCertificate().subject.CN)
-    send(hs.join('\r\n')+'\r\n\r\n')
-    body.forEach(send)
-    body = true
-  }
-
-  function tData()
-  {
-    var x
-    while(null!=(x=this.read()))
-      if(x.length) conn.write(x)
-  }
-
-  function tError(err)
-  {
-    log('TLS error', err)
-    bye()
-  }
-
-  function tEnd()
-  {
-    log('TLS closed')
-    bye()
-  }
-}
-
-function hostHeader(s)
-{
-  return s+': '+Host
-}
-
-function filterHeader(s)
-{
-  return !/^(?:host|origin):/i.test(s)
-}
-
-function log()
-{
-  var
-    d = new Date()
-    console.info.apply(
-      console,
-      ['['+d.toISOString().replace('T', ' ').replace(/Z$/, '')
-          +d.toTimeString().split(/\s+/)[1].replace(/^\w+/, ' ')+']']
-      .concat([].slice.call(arguments)))
-}