fenris 0.0.6 → 0.0.8

data/bin/fenris

@@ -3,14 +3,14 @@
 lib = File.expand_path(File.dirname(__FILE__) + '/../lib')
 $LOAD_PATH.unshift(lib) if File.directory?(lib) && !$LOAD_PATH.include?(lib)
 
-require 'fenris/em'
 require 'fenris/command'
 require 'fenris/client'
+require 'fenris/connection'
 
-args = ARGV.dup
-ARGV.clear
-command = args.shift.strip rescue 'help'
+#args = ARGV.dup
+#ARGV.clear
+#command = args.shift.strip rescue 'help'
 #arg = args.shift.strip rescue nil
 
-Fenris::Command.run command, *args
+Fenris::Command.run ARGV
 

data/bin/xx

@@ -0,0 +1,156 @@
+#!/usr/bin/env ruby
+
+require 'optparse'
+require 'socket'
+require 'ostruct'
+require 'uri'
+
+module Fenris
+  class Command
+    def self.run(args)
+      url = URI.parse(ENV['FENRIS_URL'] || 'https://broker.fenris.cc/')
+      args, options, help = parse(args)
+      fenris = Fenris::Client.new url, options
+      command = args.shift
+      arg = args.first
+
+      case [ command, args.length ] 
+      when [ "info", 0 ] 
+        fenris.update_user_config
+        printf "INFO:\n"
+        printf "  %s\n", fenris.user_name
+        unless fenris.users.empty?
+          puts "SUBACCOUNTS:"
+          fenris.users.each { |c| printf "  %-20s\n", c["name"] }
+        end
+        unless fenris.consumers.empty?
+          puts "CLIENTS:"
+          fenris.consumers.each { |c| printf "  %-20s\n", c["name"] }
+        end
+        unless fenris.providers.empty?
+          puts "SERVICES:"
+          fenris.providers.each { |c| printf "  %-20s  %s\n", c["name"], c["location"] }
+        end
+      when [ "useradd", 1 ] 
+        Fenris::Client.new(url, options).useradd(arg)
+        puts "user added"
+      when [ "userdel", 1 ] 
+        Fenris::Client.new(url, options).userdel(arg)
+        puts "ok"
+      when [ "sync", 0 ] 
+        fenris.update_config
+      when [ "rekey", 0 ] 
+        Fenris::Client.new(url, options).rekey
+        puts "rekey complete"
+      when [ "add", 1 ] 
+        Fenris::Client.new(url, options).add(arg)
+        puts "ok"
+      when [ "remove", 1 ] 
+        Fenris::Client.new(url, options).remove(arg)
+        puts "ok"
+      when [ "provide", 1 ] 
+        Fenris::Client.new(url, options).provide(arg)
+      when [ "consume", 0 ] 
+        Fenris::Client.new(url, options).consume
+      when [ "consume", 1 ] 
+        Fenris::Client.new(url, options).consume(arg)
+      when [ "consume", 2 ] 
+        Fenris::Client.new(url, options).consume(args[0] => args[1])
+      else
+        case commands[0]
+        when "exec"
+          options.quiet = true
+          Fenris::Client.new(url, options).exec(*args)
+        else
+          puts help
+          exit
+        end
+      end
+
+    end
+
+    def self.parse(args)
+      options = OpenStruct.new
+      options.port     = 10001
+      options.host     = Socket.gethostname
+      options.user     = ENV['FENRIS_USER']
+      options.password = ENV['FENRIS_AUTHKEY']
+      options.config   = ENV['FENRIS_CONFIG'] || "#{ENV["HOME"]}/.fenris"
+      options.debug    = !! ENV['FENRIS_DEBUG']
+      options.autosync = true
+
+      opts = OptionParser.new do |opts|
+        opts.banner    = "Usage: fenris [options] COMMAND" 
+        opts.separator ""
+        opts.separator "Commands:"
+        opts.separator ""
+        opts.separator "  fenris info                          # info about current user and connections" 
+        opts.separator "  fenris useradd NAME                  # create a new subaccount"
+        opts.separator "  fenris userdel NAME                  # delete a subaccount"
+        opts.separator "  fenris add USER                      # allow USER to consume service"
+        opts.separator "  fenris remove USER                   # disallow USER to consume service"
+        opts.separator "  fenris provide BINDING               # provide a local service"
+        opts.separator "  fenris consume [ USER [ BINDING ] ]  # consume one (or all) remote services"
+        opts.separator "  fenris exec COMMAND                  # consume services and run COMMAND.  Terminates when command exits."
+        opts.separator "  fenris sync                          # sync config with broker"
+        opts.separator "  fenris rekey                         # generate a new authkey for the user"
+        opts.separator "  fenris bind USER BINDING             # bind a remote service to a local binding"
+        opts.separator ""
+        opts.separator "Bindings can take the form of:"
+        opts.separator ""
+        opts.separator "  PORT, :PORT, HOST:PORT, /PATH/TO/UNIX_SOCKET, or -- for STDIN"
+        opts.separator ""
+        opts.separator "Options:"
+
+        opts.on("-u", "--user USER", "Connect as USER.  Default is $FENRIS_USER.") do |user|
+          options.user = user
+        end
+
+        opts.on("-c", "--config DIR", "Store config information in DIR.  Default is $HOME/.fenris or $FENRIS_CONFIG.") do |dir|
+          options.config = dir
+        end
+
+        opts.on("-h", "--hostname HOST", "Hostname given to consumers on 'provide'. Default is `hostname`.") do |dir|
+          options.config = dir
+        end
+
+        opts.on("-p", "--port PORT", "") do |dir|
+          options.config = dir
+        end
+
+        opts.on("-q", "--quiet", "Do not print log messages.") do
+          options.quiet = true
+        end
+
+        opts.on("-d", "--debug", "Print debugging messages.  Default is $FENRIS_DEBUG.") do
+          options.debug = true
+        end
+
+        opts.on("-a", "--[no-]autosync", "Automatically sync updates from the broker. Default is true.") do |auto|
+          options.autosync = auto
+        end
+
+        opts.on("-h", "--help", "Show this message") do
+          puts opts
+          exit
+        end
+
+        opts.on("--version", "Show version") do
+          puts Fenris::VERSION
+          exit
+        end
+        opts.separator ""
+      end
+
+      begin
+        commands = opts.parse!(args)
+      rescue OptionParser::InvalidOption
+        puts opts
+        exit
+      end
+      [ commands, options, opts.to_s ]
+    end
+  end
+end
+
+Fenris::Command.run(ARGV)

data/lib/fenris/client.rb

@@ -3,64 +3,191 @@ require 'json'
 require 'openssl'
 require 'uri'
 require 'eventmachine'
+require 'ostruct'
 
 module Fenris
+
+  class NoSuchProvider < RuntimeError; end
+
   class Client
-    def initialize(url)
+    def initialize(url, options = OpenStruct.new)
       @url = url
       @url = URI.parse(url) unless url.is_a? URI
-      @quiet = false
+      options = OpenStruct.new options if options.is_a? Hash
+      @options = options
+      @verbose = false
+    end
+
+    def options
+      @options
+    end
+
+    def url
+      @url.user = options.user
+      @url.password = read_config_file("#{user_name}.authkey")
+      @url.password ||= options.password
+      @url.password ||= get_authkey_from_stdin
+      @url
+    end
+
+    def get_authkey_from_stdin
+      system "stty -echo"
+      print "Authkey: "
+      password = gets.chomp
+      system "stty echo"
+      password
+    end
+
+    def config_dir
+      options.config
+    end
+
+    def verify_private_key
+      if key = read_config_file("#{user_name}.key")
+        log "using existing key    #{digest key}" if @verbose
+      else
+        key = OpenSSL::PKey::RSA.new(2048)
+        write key
+        log "new rsa key generated #{digest key}"
+      end
+    end
+
+    def verify_cert(cn)
+      if cert = read_cert(cn)
+        log "existing cert         #{digest cert} :: #{cert.not_after} :: #{cn}" if @verbose
+      else
+        cert = OpenSSL::X509::Certificate.new(RestClient.post("#{url}cert", :csr => generate_csr(cn)))
+        write cert
+        log "new cert received     #{digest cert} :: #{cert.not_after} :: #{cn}"
+      end
+    end
+
+    def read_cert cn
+      if cert = read_config_file("#{cn}.crt")
+        if cert.not_after > Time.now
+          cert
+        else
+          log "cert expired          #{digest cert} :: #{cert.not_after} :: #{cn}"
+          nil
+        end
+      end
+    end
+
+    def my_cert
+      read_config_file "#{user_name}.crt"
+    end
+
+    def my_key
+      read_config_file "#{user_name}.key"
+    end
+
+    def cert(name)
+      read_config_file "#{user_name}:#{name}.crt"
+    end
+
+    def cert_path(name)
+      "#{config_dir}/#{user_name}:#{name}.crt"
+    end
+
+    def my_cert_path
+      "#{config_dir}/#{user_name}.crt"
+    end
+
+    def my_key_path
+      "#{config_dir}/#{user_name}.key"
     end
 
-    def quiet= val
-      @quiet = val
+    def write_cert(cert)
+      write_config_file "#{get_cn(cert)}.crt", cert
+    end
+
+    def write_config_file name, data
+      File.umask 0077
+      Dir.mkdir config_dir unless Dir.exists? config_dir
+      File.open("#{config_dir}/#{name}","w") { |f| f.write(data) }
+    end
+
+    def read_config_file name
+      path = "#{config_dir}/#{name}"
+      if not File.exists? path
+        nil
+      elsif name =~ /[.]json$/
+        JSON.parse File.read(path)
+      elsif name =~ /[.]crt$/
+        OpenSSL::X509::Certificate.new File.read(path)
+      elsif name =~ /[.]key$/
+        OpenSSL::PKey::RSA.new File.read(path)
+      else
+        File.read path
+      end
+    end
+
+    def write object
+      if object.is_a? OpenSSL::X509::Certificate
+        write_config_file "#{get_cn(object)}.crt", object.to_pem
+      elsif object.is_a? OpenSSL::PKey::RSA
+        write_config_file "#{user_name}.key", object.to_pem
+      else
+        write_config_file "#{user_name}.json", object.to_json
+      end
     end
 
     def debug(message)
-      puts "DEBUG: #{message}" if ENV['DEBUG'] and !@quiet
+      puts "DEBUG: #{message}" if options.debug and not options.quiet
     end
 
     def log(message)
-      puts "LOG: #{message}" if not @quiet
+      puts "LOG: #{message}" if not options.quiet
     end
 
-    def update(location)
-      RestClient.put("#{@url}", { :location => location }, :content_type => :json, :accept => :json)
+    def post_location
+      RestClient.put("#{url}", { :location => location }, :content_type => :json, :accept => :json)
     end
-  
+
     def user
-      @user ||= JSON.parse RestClient.get("#{@url}", :content_type => :json, :accept => :json)
+       @user ||= read_config_file "config.json"
     end
 
     def ssl?
       @url.scheme == "https"
     end
 
-    def async_connection
-      @async_connection = nil if @async_connection && @async_connection.error?
-      @async_connection ||= EM::Protocols::HttpClient2.connect :host => @url.host, :port => @url.port, :ssl => ssl?
+    def update_user_config
+      @user = JSON.parse RestClient.get("#{url}", :content_type => :json, :accept => :json)
+      write_config_file "#{user_name}.authkey", @url.password
+      write user
     end
 
-    def auth_string
-      "Basic " + ["#{@url.user}:#{@url.password}"].pack('m').strip.gsub(/\n/,'')
+    def update_config(verbose = true)
+      @verbose = verbose
+      log "updating config in #{config_dir}" if @verbose
+      update_user_config
+      log "have update user config" if @verbose
+      write_config_file "root.crt", RestClient.get("#{url}cert") ## TODO find a way to get this out of the connection info
+      verify_private_key
+      verify_cert user_name
+      providers.each do |p|
+        verify_cert "#{user_name}:#{p["name"]}"
+      end
+      @verbose = false
     end
 
-    def async_update(&blk)
-      request = async_connection.get(:uri => "/", :authorization => auth_string )
-      request.callback do |response|
-        if response.status == 200
-          # TODO - output if something has changed
-          @broker ||= OpenSSL::X509::Certificate.new(async_connection.get_peer_cert) if ssl?
-          @user = JSON.parse response.content
-        else
-          log "Error updating user info"
-          debug response.status
-          @async_connection = nil
-        end
-        blk.call if blk
+    def provider_map
+      Hash[ * providers.map { |p| [ p["name"], p["binding"] ] }.flatten ]
+    end
+
+    def location_of(provider)
+      if p = providers.detect { |p| p["name"] == provider }
+        p["locations"].first
+      else
+        raise NoSuchProvider, provider
       end
     end
 
+    def location
+      "#{options.host}:#{options.port}"
+    end
+
     def consumers
       user["consumers"]
     end
@@ -70,27 +197,31 @@ module Fenris
     end
 
     def user_name
-      user["name"]
-    end
-
-    def route
-      user["location"]
+      options.user
     end
 
     def remove(name)
-      RestClient.delete("#{@url}consumers/#{name}");
+      update_user_config
+      RestClient.delete("#{url}consumers/#{name}");
     end
 
     def add(name)
-      RestClient.post("#{@url}consumers", { :name => name }, :content_type => :json, :accept => :json);
+      update_user_config
+      RestClient.post("#{url}consumers", { :name => name }, :content_type => :json, :accept => :json);
     end
 
     def useradd(name)
-      JSON.parse RestClient.post("#{@url}users", { :name => name }, :content_type => :json, :accept => :json);
+      update_user_config
+      newuser = JSON.parse RestClient.post("#{url}users", { :name => name }, :content_type => :json, :accept => :json);
+      write_config_file "#{newuser["name"]}.authkey", newuser["authkey"]
+      newuser
     end
 
     def rekey
-      RestClient.post("#{@url}authkeys", { }, :content_type => :json, :accept => :json);
+      update_user_config
+      newkey = RestClient.post("#{url}authkeys", { }, :content_type => :json, :accept => :json);
+      write_config_file "#{user_name}.authkey", newkey
+      newkey
     end
 
     def users
@@ -98,24 +229,21 @@ module Fenris
     end
 
     def userdel(name)
-      RestClient.delete("#{@url}users/#{name}", :content_type => :json, :accept => :json);
+      update_user_config
+      RestClient.delete("#{url}users/#{name}", :content_type => :json, :accept => :json);
     end
 
     def bind(name, binding)
-      RestClient.put("#{@url}providers/#{name}", { :binding => binding }, :content_type => :json, :accept => :json);
+      update_user_config
+      RestClient.put("#{url}providers/#{name}", { :binding => binding }, :content_type => :json, :accept => :json);
     end
 
     def digest obj
       OpenSSL::Digest::SHA1.new(obj.to_der).to_s
     end
 
-    def generate_csr(provider)
-      if provider == :self
-        subject = OpenSSL::X509::Name.parse "/DC=org/DC=fenris/CN=#{user_name}"
-      else
-        subject = OpenSSL::X509::Name.parse "/DC=org/DC=fenris/CN=#{user_name}:#{provider}"
-      end
-      log "CSR: #{subject}"
+    def generate_csr(cn)
+      subject = OpenSSL::X509::Name.parse "/DC=org/DC=fenris/CN=#{cn}"
       digest = OpenSSL::Digest::SHA1.new
       req = OpenSSL::X509::Request.new
       req.version = 0
@@ -138,7 +266,7 @@ module Fenris
       consumer_cn,provider_cn = cert_cn.split ":"
       provider_cn_ok = !!user_name
       consumer_cn_ok = !!valid_peer_names.detect { |name| name == consumer_cn }
-      cert_ok = !!consumer_cert.verify(broker.public_key)
+      cert_ok = !!consumer_cert.verify(root.public_key)
       log "Consumer Cert CN '#{cert_cn}' displays correct provider? #{provider_cn_ok}"
       log "Consumer Cert CN '#{cert_cn}' in allowed_list? #{consumer_cn_ok}"
       log "Consumer Cert Signed By Broker? '#{cert_ok}'"
@@ -150,71 +278,50 @@ module Fenris
       result
     end
 
-    def cleanup
-      providers.each do |provider|
-        log "Deleting socket '#{provider["binding"]}'."
-        File.delete provider["binding"] if File.exists? provider["binding"]
-      end
-      ## TODO - gawd! ugly!
-      [ *providers.map { |c| c["name"] }.map { |provider| cert_path(provider) }, cert_path, key_path ].each do |f|
-        if File.exists? f
-          log "Deleting file #{f}"
-          File.delete f
-        end
-      end
-    end
-
-    def save_keys
-      providers.map { |c| c["name"] }.each do |provider|
-        File.open(cert_path(provider),"w") { |f| f.write cert(provider).to_pem } unless File.exists? cert_path(provider)
-      end
-      File.open(cert_path,"w") { |f| f.write cert.to_pem } unless File.exists? cert_path
-      File.open(key_path,"w") { |f| f.write key.to_pem } unless File.exists? key_path
+    def root
+      read_config_file "root.crt"
     end
 
-    def gen_cert(provider)
-      cert = OpenSSL::X509::Certificate.new(RestClient.post("#{@url}cert", :csr => generate_csr(provider)))
-      log "new cert received     #{digest cert}"
-      cert
+    def key
+      read_config_file "#{user_name}.key"
     end
 
-    def gen_key
-      key = OpenSSL::PKey::RSA.new(2048)
-      log "new rsa key generated #{digest key}"
-      key
-    end
+    UPDATE_INTERVAL = 10
 
-    def get_broker
-      cert = OpenSSL::X509::Certificate.new(RestClient.get("#{@url}cert"))
-      log "got cert from broker #{digest cert} #{cert.subject}"
-      cert
+    def provide(local_binding)
+      update_config
+      EventMachine::run do
+        EventMachine::PeriodicTimer.new(UPDATE_INTERVAL) { Thread.new { update_config(false) } } if options.autosync
+        post_location
+        ProviderServer.begin(self, location, local_binding)
+      end
     end
 
-    def broker
-      @broker ||= OpenSSL::X509::Certificate.new(RestClient.get("#{@url}cert"))
-    end
+    def consume(arg = nil, &blk)
+      update_config
 
-    def cert(provider = :self)
-      @cert ||= {}
-      @cert[provider] ||= OpenSSL::X509::Certificate.new(File.read(cert_path(provider))) rescue nil
-      @cert[provider] ||= gen_cert(provider)
-    end
+      map = arg if arg.is_a? Hash
+      map = { arg => provider_map[arg] } if arg.is_a? String
+      map ||= provider_map
 
-    def key
-      @key ||= OpenSSL::PKey::RSA.new(File.read(key_path)) rescue nil
-      @key ||= gen_key
-    end
-
-    def cert_path(provider = :self)
-      if provider == :self
-        ".#{user_name}.cert"
-      else
-        ".#{user_name}:#{provider}.cert"
+      EventMachine::run do
+        EventMachine::PeriodicTimer.new(UPDATE_INTERVAL) { update_config(false) } if options.autosync
+        map.each do |provider, binding|
+          ConsumerLocal.begin(self, location_of(provider), provider, binding)
+        end
+        blk.call if blk
       end
     end
 
-    def key_path
-      ".#{user_name}.key"
+    def exec(*args)
+      command = args.join(' ')
+      consume do
+        Thread.new do
+          system command
+          EventMachine::stop
+        end
+      end
     end
   end
 end
+

data/lib/fenris/command.rb

@@ -1,87 +1,178 @@
+require 'optparse'
+require 'socket'
+require 'ostruct'
+require 'uri'
+
 module Fenris
-  module Command
-    def self.run(command, *args)
-      arg, name = args
+  class Command
+    def self.run(args)
       begin
-        url = URI.parse(ENV['FENRIS_URL'] || 'https://broker.fenris.cc/')
-        url.user ||= ENV['FENRIS_USER']
-        url.password ||= ENV['FENRIS_AUTHKEY']
-        client = Fenris::Client.new url
-        help = [ "Usage: fenris help\n",
-                 "       fenris info\n",
-                 "       fenris bind PROVIDER BINDING\n",
-                 "       fenris useradd NAME\n",
-                 "       fenris userdel NAME\n",
-                 "       fenris users\n",
-                 "       fenris rekey\n",
-                 "       fenris add CONSUMER\n",
-                 "       fenris remove CONSUMER\n",
-                 "       fenris exec COMMAND\n",
-                 "       fenris provide BINDING\n",
-                 "       fenris consume [ USER [ BINDING ] ]" ]
+        run_command(args)
+      rescue RestClient::Conflict
+        puts "Duplicate"
+      rescue RestClient::Unauthorized
+        puts "Unauthorized"
+      rescue RestClient::ResourceNotFound
+        puts "Resource Not Found"
+      rescue Fenris::NoSuchProvider => e
+        puts "No such provider '#{e.message}'"
+        exit
+      end
+    end
+
+    def self.run_command(args)
+      url = URI.parse(ENV['FENRIS_URL'] || 'https://broker.fenris.cc/')
+      args, options, help = parse(args)
+      fenris = Fenris::Client.new url, options
+      command = args.shift
+      arg = args.first
+
+      case [ command, args.length ]
+      when [ "info", 0 ]
+        fenris.update_user_config
+        printf "INFO:\n"
+        printf "  %s\n", fenris.user_name
+        unless fenris.users.empty?
+          puts "SUBACCOUNTS:"
+          fenris.users.each { |c| printf "  %-20s\n", c["name"] }
+        end
+        unless fenris.consumers.empty?
+          puts "CLIENTS:"
+          fenris.consumers.each { |c| printf "  %-20s\n", c["name"] }
+        end
+        unless fenris.providers.empty?
+          puts "SERVICES:"
+          fenris.providers.each { |c| printf "  %-20s  [%s] %s\n", c["name"], c["binding"], c["location"] }
+        end
+      when [ "useradd", 1 ]
+        fenris.useradd(arg)
+        puts "user added"
+      when [ "userdel", 1 ]
+        fenris.userdel(arg)
+        puts "ok"
+      when [ "bind", 2 ]
+        fenris.bind(args[0], args[1])
+      when [ "sync", 0 ]
+        fenris.update_config
+      when [ "rekey", 0 ]
+        fenris.rekey
+        puts "rekey complete"
+      when [ "add", 1 ]
+        fenris.add(arg)
+        puts "ok"
+      when [ "remove", 1 ]
+        fenris.remove(arg)
+        puts "ok"
+      when [ "provide", 1 ]
+        fenris.provide(arg)
+      when [ "consume", 0 ]
+        fenris.consume
+      when [ "consume", 1 ]
+        fenris.consume(arg)
+      when [ "consume", 2 ]
+        fenris.consume(args[0] => args[1])
+      else
         case command
-          when "users"
-            client.users.each do |u|
-              puts u["name"]
-            end
-          when "userdel"
-            client.userdel(arg)
-            puts "ok"
-          when "useradd"
-            new_user = client.useradd(arg)
-            puts "New user created"
-            puts "export FENRIS_USER='#{new_user["name"]}'"
-            puts "export FENRIS_AUTHKEY='#{new_user["authkey"]}'"
-          when "rekey"
-            newkey = client.rekey
-            puts "New Key Assigned:"
-            puts "export FENRIS_AUTHKEY='#{newkey}'"
-          when "cert"
-            puts client.cert.to_text
-          when "bind"
-            client.bind(arg,name)
-          when "add"
-            client.add(arg)
-          when "remove"
-            client.remove(arg)
-          when "info"
-            printf "INFO:\n"
-            printf "  %s\n", client.user["name"]
-            unless client.users.empty?
-              puts "SUBACCOUNTS:"
-              client.users.each { |c| printf "  %-20s\n", c["name"] }
-            end
-            unless client.consumers.empty?
-              puts "CLIENTS:"
-              client.consumers.each { |c| printf "  %-20s\n", c["name"] }
-            end
-            unless client.providers.empty?
-              puts "SERVICES:"
-              client.providers.each { |c| printf "  %-20s  %s\n", c["name"], c["location"] }
-            end
-          when "provide"
-            external = "#{Socket.gethostname}:#{10001}"
-            internal = arg
-            Fenris::Base.provide(client, external, internal)
-          when "consume"
-            Fenris::Base.consume(client, arg, name)
-          when "exec"
-            client.quiet = true
-            Fenris::Base.exec(client, *args)
-          else
-            puts command.inspect
-            puts help
+        when "exec"
+          options.quiet = true
+          Fenris::Client.new(url, options).exec(*args)
+        else
+          puts help
+          exit
+        end
+      end
+    end
+
+    def self.parse(args)
+      extra = []
+      options = OpenStruct.new
+      options.port     = 10001
+      options.host     = Socket.gethostname
+      options.user     = ENV['FENRIS_USER']
+      options.password = ENV['FENRIS_AUTHKEY']
+      options.config   = ENV['FENRIS_CONFIG'] || "#{ENV["HOME"]}/.fenris"
+      options.debug    = !! ENV['FENRIS_DEBUG']
+      options.autosync = true
+
+      if i = args.index("exec")
+        extra = args[i..(args.length)]
+        if i > 0
+          args  = args[0..(i-1)]
+        else
+          args  = []
+        end
+      end
+
+      opts = OptionParser.new do |opts|
+        opts.banner    = "Usage: fenris [options] COMMAND"
+        opts.separator ""
+        opts.separator "Commands:"
+        opts.separator ""
+        opts.separator "  fenris info                          # info about current user and connections"
+        opts.separator "  fenris useradd NAME                  # create a new subaccount"
+        opts.separator "  fenris userdel NAME                  # delete a subaccount"
+        opts.separator "  fenris add USER                      # allow USER to consume service"
+        opts.separator "  fenris remove USER                   # disallow USER to consume service"
+        opts.separator "  fenris provide BINDING               # provide a local service"
+        opts.separator "  fenris consume [ USER [ BINDING ] ]  # consume one (or all) remote services"
+        opts.separator "  fenris exec COMMAND                  # consume services and run COMMAND.  Terminates when command exits."
+        opts.separator "  fenris sync                          # sync config with broker"
+        opts.separator "  fenris rekey                         # generate a new authkey for the user"
+        opts.separator "  fenris bind USER BINDING             # bind a remote service to a local binding"
+        opts.separator ""
+        opts.separator "Bindings can take the form of:"
+        opts.separator ""
+        opts.separator "  PORT, :PORT, HOST:PORT, /PATH/TO/UNIX_SOCKET, or -- for STDIN"
+        opts.separator ""
+        opts.separator "Options:"
+
+        opts.on("-u", "--user USER", "Connect as USER.  Default is $FENRIS_USER.") do |user|
+          options.user = user
         end
+
+        opts.on("-c", "--config DIR", "Store config information in DIR.  Default is $HOME/.fenris or $FENRIS_CONFIG.") do |dir|
+          options.config = dir
+        end
+
+        opts.on("-h", "--hostname HOST", "Hostname given to consumers on 'provide'. Default is `hostname`.") do |dir|
+          options.config = dir
+        end
+
+        opts.on("-p", "--port PORT", "") do |dir|
+          options.config = dir
+        end
+
+        opts.on("-q", "--quiet", "Do not print log messages.") do
+          options.quiet = true
+        end
+
+        opts.on("-d", "--debug", "Print debugging messages.  Default is $FENRIS_DEBUG.") do
+          options.debug = true
+        end
+
+        opts.on("-a", "--[no-]autosync", "Automatically sync updates from the broker. Default is true.") do |auto|
+          options.autosync = auto
+        end
+
+        opts.on("-h", "--help", "Show this message") do
+          puts opts
+          exit
+        end
+
+        opts.on("--version", "Show version") do
+          puts Fenris::VERSION
+          exit
+        end
+        opts.separator ""
+      end
+
+      begin
+        commands = opts.parse!(args)
+      rescue OptionParser::InvalidOption
+        puts opts
         exit
       end
-    rescue SystemExit
-    rescue RestClient::Conflict
-      puts "Duplicate"
-    rescue RestClient::Unauthorized
-      puts "Unauthorized"
-    rescue RestClient::ResourceNotFound
-      puts "Resource Not Found"
-      exit
+      [ commands + extra, options, opts.to_s ]
     end
   end
 end

data/lib/fenris/command.rb.old

@@ -0,0 +1,90 @@
+module Fenris
+  module Command
+    def self.run(command, *args)
+      arg, name = args
+      begin
+        url = URI.parse(ENV['FENRIS_URL'] || 'https://broker.fenris.cc/')
+        url.user ||= ENV['FENRIS_USER']
+        url.password ||= ENV['FENRIS_AUTHKEY']
+        client = Fenris::Client.new url
+        help = [ "Usage: fenris help\n",
+                 "       fenris info\n",
+                 "       fenris bind PROVIDER BINDING\n",
+                 "       fenris useradd NAME\n",
+                 "       fenris userdel NAME\n",
+                 "       fenris update\n",
+                 "       fenris rekey\n",
+                 "       fenris add CONSUMER\n",
+                 "       fenris remove CONSUMER\n",
+                 "       fenris exec COMMAND\n",
+                 "       fenris provide BINDING\n",
+                 "       fenris consume [ USER [ BINDING ] ]" ]
+        case command
+          when "update"
+            client.update_config
+          when "userdel"
+            client.update_user_config
+            client.userdel(arg)
+            puts "ok"
+          when "useradd"
+            client.update_user_config
+            new_user = client.useradd(arg)
+            puts "New user created '#{new_user["name"]}'"
+          when "rekey"
+            client.update_user_config
+            newkey = client.rekey
+            puts "Rekey Complete"
+          when "cert"
+            client.update_user_config
+            puts client.cert.to_text
+          when "bind"
+            client.update_user_config
+            client.bind(arg,name)
+          when "add"
+            client.update_user_config
+            client.add(arg)
+          when "remove"
+            client.update_user_config
+            client.remove(arg)
+          when "info"
+            client.update_user_config
+            printf "INFO:\n"
+            printf "  %s\n", client.user["name"]
+            unless client.users.empty?
+              puts "SUBACCOUNTS:"
+              client.users.each { |c| printf "  %-20s\n", c["name"] }
+            end
+            unless client.consumers.empty?
+              puts "CLIENTS:"
+              client.consumers.each { |c| printf "  %-20s\n", c["name"] }
+            end
+            unless client.providers.empty?
+              puts "SERVICES:"
+              client.providers.each { |c| printf "  %-20s  %s\n", c["name"], c["location"] }
+            end
+          when "provide"
+            external = "#{Socket.gethostname}:#{10001}"
+            internal = arg
+            client.provide(external, internal)
+          when "consume"
+            client.consume(arg, name)
+          when "exec"
+            client.quiet = true
+            client.exec(*args)
+          else
+            puts command.inspect
+            puts help
+        end
+        exit
+      end
+    rescue SystemExit
+    rescue RestClient::Conflict
+      puts "Duplicate"
+    rescue RestClient::Unauthorized
+      puts "Unauthorized"
+    rescue RestClient::ResourceNotFound
+      puts "Resource Not Found"
+      exit
+    end
+  end
+end

data/lib/fenris/connection.rb

@@ -0,0 +1,124 @@
+require 'eventmachine'
+
+module Fenris
+  class Connection < EventMachine::Connection
+    def self.mkbinding(action, binding)
+      if binding =~ /^:?(\d+)$/
+        [ action, "0.0.0.0", $1.to_i ]
+      elsif binding =~ /^(.+):(\d+)/
+        [ action, $1, $2.to_i ]
+      elsif binding == "--"
+        [ :attach, $stdin ]
+      else
+        [ action, binding ]
+      end
+    end
+
+    def initialize(client = nil, options = {})
+      @client = client
+      ## TODO -- peer_to_be vs @peer is a poor name choice - refactor
+      ## sometimes I call the proxying connection on the local box 'peer', sometimes I call the other fenris process 'peer' - confusing
+      @binding      = options[:binding]
+      @peer_to_be   = options[:peer]
+      @peer_name    = options[:peer_name]
+      @peer_binding = options[:peer_binding]
+      @peer = []
+    end
+
+    def log msg
+      @client.log msg if @client
+    end
+
+    def push(data)
+      # this is the black magic to switch @peer between a connection and an array
+      send_data data
+    end
+
+    def ssl_verify_peer(pem)
+      @verify ||= @client.validate_peer pem, @peer_to_be, @peer_name
+    end
+
+    def unbind
+      log "Connection closed"
+      @unbound = true
+      ## TODO clean up buffer vs peer vs peer_to_be
+      (@peer_to_be || @peer).close_connection_after_writing rescue nil
+      close_connection
+      EventMachine::stop if @binding[0] == :attach
+    end
+
+    def ssl_handshake_completed
+      @post_ssl.call
+    end
+
+    def proxy(peer, leader = true)
+      peer.close if @unbound
+      @peer.each { |d| peer.push d}
+      @peer = peer
+      @peer_to_be = nil
+      if leader
+        @peer.proxy(self, false)
+        EventMachine::enable_proxy(self, @peer)
+      end
+    end
+
+    def proxy_target_unbound
+      unbind
+    end
+
+    def receive_data data
+      @peer.push data
+    end
+  end
+
+  class ProviderServer < Connection
+    def self.begin(client, provider_binding, local_binding)
+      client.log "Serving port #{local_binding} on #{provider_binding}"
+      server_em = mkbinding(:start_server, provider_binding)
+      local_em = mkbinding(:connect, local_binding)
+      EventMachine::__send__ *server_em, self, client, :peer_binding => local_em, :binding => server_em
+    end
+
+    def post_init
+      log "New connection - begin ssl handshake"
+      start_tls :private_key_file => @client.my_key_path, :cert_chain_file => @client.my_cert_path, :verify_peer => true
+    end
+
+    def ssl_handshake_completed
+      log "SSL complete - open local connection"
+      EventMachine::__send__ *@peer_binding, ProviderLocal, @client, :peer => self, :binding => @peer_binding
+    end
+  end
+
+  class ProviderLocal < Connection
+    def post_init
+      log "start proxying"
+      @peer_to_be.proxy self
+    end
+  end
+
+  class ConsumerLocal < Connection
+    def self.begin(client, provider_binding, provider_name, consumer_binding)
+      local_em = mkbinding(:start_server, consumer_binding)
+      provider_em = mkbinding(:connect, provider_binding)
+      client.log consumer_binding.inspect
+      EventMachine::__send__ *local_em, self, client, :peer_name => provider_name, :peer_binding => provider_em, :binding => local_em
+    end
+
+    def post_init
+      EventMachine::__send__ *@peer_binding, ConsumerProvider, @client, :peer_name => @peer_name, :peer => self, :binding => @peer_binding
+    end
+  end
+
+  class ConsumerProvider < Connection
+    def post_init
+      log "Connection to the server made, starting ssl"
+      start_tls :private_key_file => @client.my_key_path, :cert_chain_file => @client.cert_path(@peer_name), :verify_peer => true
+    end
+
+    def ssl_handshake_completed
+      log "SSL complete - start proxying"
+      @peer_to_be.proxy self
+    end
+  end
+end

data/lib/fenris/version.rb

@@ -1,3 +1,3 @@
 module Fenris
-  VERSION = "0.0.6"
+  VERSION = "0.0.8"
 end

metadata

@@ -1,11 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: fenris
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.8
   segments:
   - 0
   - 0
-  - 6
+  - 8
   prerelease: false
 platform: ruby
 authors:
@@ -13,12 +13,12 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-10-26 00:00:00.000000000 -07:00
+date: 2011-11-01 00:00:00.000000000 -07:00
 default_executable: 
 dependencies:
 - !ruby/object:Gem::Dependency
   name: eventmachine
-  requirement: &2153842880 !ruby/object:Gem::Requirement
+  requirement: &2154437240 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -30,10 +30,10 @@ dependencies:
         - 10
   type: :runtime
   prerelease: false
-  version_requirements: *2153842880
+  version_requirements: *2154437240
 - !ruby/object:Gem::Dependency
   name: rest-client
-  requirement: &2153842060 !ruby/object:Gem::Requirement
+  requirement: &2154436420 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -45,10 +45,10 @@ dependencies:
         - 7
   type: :runtime
   prerelease: false
-  version_requirements: *2153842060
+  version_requirements: *2154436420
 - !ruby/object:Gem::Dependency
   name: multi_json
-  requirement: &2153841300 !ruby/object:Gem::Requirement
+  requirement: &2154435660 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -60,7 +60,7 @@ dependencies:
         - 3
   type: :runtime
   prerelease: false
-  version_requirements: *2153841300
+  version_requirements: *2154435660
 description: An authentication and service location service.
 email: orion.henry@gmail.com
 executables:
@@ -69,9 +69,11 @@ extensions: []
 extra_rdoc_files: []
 files:
 - bin/fenris
+- bin/xx
 - lib/fenris/client.rb
 - lib/fenris/command.rb
-- lib/fenris/em.rb
+- lib/fenris/command.rb.old
+- lib/fenris/connection.rb
 - lib/fenris/version.rb
 has_rdoc: true
 homepage: http://github.com/orionz/fenris

data/lib/fenris/em.rb

@@ -1,164 +0,0 @@
-require 'eventmachine'
-
-module Fenris
-  module Connection
-    def initialize
-      @peer = []
-    end
-
-    def push(data)
-      # this is the black magic to switch @peer between a connection and an array
-      send_data data
-    end
-
-    def begin_ssl(opts, &blk)
-      @post_ssl = blk
-      start_tls :private_key_file => opts[:key_file], :cert_chain_file => opts[:cert_file], :verify_peer => true
-    end
-
-    def post_init
-    end
-
-    def validate_peer(&blk)
-      @validator = blk;
-    end
-
-    def on_unbind(&blk)
-      @on_unbind = blk
-    end
-
-    def ssl_verify_peer(pem)
-      @verify ||= @validator.call(pem)
-    end
-
-    def unbind
-      @on_unbind.call(self) if @on_unbind
-      @unbound = true
-      EM::stop if @signature < 3 ## this is for attach($stdin)
-      @peer.close_connection_after_writing rescue nil
-      close_connection
-    end
-
-    def ssl_handshake_completed
-      @post_ssl.call
-    end
-
-    def proxy(peer)
-      peer.close if @unbound
-      @peer.each { |d| peer.push d}
-      @peer = peer
-    end
-
-    def receive_data data
-      @peer.push data
-    end
-  end
-
-  module Base
-    extend self
-
-    UPDATE_INTERVAL = 10
-
-    def listen(client, external, internal)
-      return listen_stdio(client, external, internal) if internal == "--"
-      EventMachine::__send__ *mkbinding(:start_server, external), Fenris::Connection do |consumer|
-        client.log "New connection - begin ssl handshake"
-        consumer.validate_peer { |pem| client.validate_peer pem  }
-        consumer.begin_ssl :key_file =>  client.key_path , :cert_file => client.cert_path do
-          client.log "SSL complete - open local connection"
-          EventMachine::__send__ *mkbinding(:connect, internal), Fenris::Connection do |provider|
-            client.log "start proxying"
-            provider.proxy consumer; consumer.proxy provider
-            provider.on_unbind { client.log "Connection closed" }
-          end
-        end
-      end
-    end
-
-    def listen_stdio(client, external, internal)
-      EventMachine::__send__ *mkbinding(:connect, internal), Fenris::Connection do |provider|
-        EventMachine::__send__ *mkbinding(:start_server, external), Fenris::Connection do |consumer|
-          client.log "stdio connection - begin ssl handshake"
-          consumer.validate_peer { |pem| client.validate_peer pem  }
-          consumer.begin_ssl :key_file =>  client.key_path , :cert_file => client.cert_path do
-            client.log "SSL complete - start proxying"
-            provider.proxy consumer; consumer.proxy provider
-          end
-        end
-      end
-    end
-
-    def provide(client, external, internal)
-      at_exit { client.cleanup }
-
-      EventMachine::run do
-        client.save_keys
-        EventMachine::PeriodicTimer.new(UPDATE_INTERVAL) { client.async_update } unless ENV['FENRIS_NO_TIMER']
-        client.update external
-        client.log "Serving port #{internal} on #{external}"
-        listen client, external, internal
-      end
-    end
-
-    def mkbinding(action, binding)
-      if binding =~ /^:?(\d+)$/
-        [ action, "0.0.0.0", $1.to_i ]
-      elsif binding =~ /^(.+):(\d+)/
-        [ action, $1, $2.to_i ]
-      elsif binding == "--"
-        [ :attach, $stdin ]
-      else
-        [ action, binding ]
-      end
-    end
-
-    ## really want to unify all these :(
-    def consumer_connect(client, consumer, provider_name, provider)
-      client.log "COMSUMER CONNECT #{consumer.inspect} #{provider_name.inspect} #{provider.inspect}"
-      EventMachine::__send__ *mkbinding(:start_server, consumer), Fenris::Connection do |consumer|
-        client.log "New connection: opening connection to the server"
-        EventMachine::__send__ *mkbinding(:connect, provider), Fenris::Connection do |provider|
-          client.log "Connection to the server made, starting ssl"
-          provider.validate_peer { |pem| client.validate_peer pem, consumer, provider_name }
-          provider.begin_ssl :key_file =>  client.key_path , :cert_file => client.cert_path(provider_name) do
-            client.log "SSL complete - start proxying"
-            provider.proxy consumer; consumer.proxy provider
-          end
-        end
-      end
-    end
-
-    def consume(client, overide_provider = nil, override_binding = nil)
-      at_exit { client.cleanup }
-
-      client.save_keys
-
-      abort "No providers" if client.providers.empty?
-
-      providers = client.providers.reject { |p| overide_provider && p["name"] != overide_provider }
-
-      abort "No provider named #{overide_provider}" if providers.empty?
-      abort "Can only pass a binding for a single provider" if override_binding && providers.length != 1
-
-      EventMachine::run do
-        EventMachine::PeriodicTimer.new(UPDATE_INTERVAL) { client.async_update } unless ENV['FENRIS_NO_TIMER']
-        providers.each do |p|
-          binding = override_binding || p["binding"]
-          consumer_connect(client, binding, p["name"], p["location"])
-        end
-      end
-    end
-
-    def exec(client, *args)
-      command = args.join(' ')
-      EventMachine::run do
-        consume(client)
-        Thread.new do
-          system command
-          EM::stop
-        end
-      end
-    end
-  end
-end
-