kerryb-net-ssh-socks 0.0.3

data/.gitignore

@@ -0,0 +1,3 @@
+pkg/*
+*.gem
+.bundle

data/Gemfile

@@ -0,0 +1,4 @@
+source "http://rubygems.org"
+
+# Specify your gem's dependencies in net-ssh-socks.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,16 @@
+PATH
+  remote: .
+  specs:
+    net-ssh-socks (0.0.2)
+      net-ssh (~> 2.0)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    net-ssh (2.1.4)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  net-ssh-socks!

data/README.md

@@ -0,0 +1,28 @@
+# Net::SSH::Socks
+
+## Description
+
+Net::SSH::Socks is a library for programmatically creating a SOCKS proxy server that tunnels through SSH. Similar to Net::SSH::Service::Forward#local except the host is dynamic (determined by the client application, such as a browser).
+
+Useful for securing traffic over SSH or getting in/out of a firewall.
+
+## Use cases
+
+* If your company blocks certain sites/resources but allows SSH, then you can tunnel out to a machine outside the firewall.
+* If you need to access sites/resources inside a firewall, then you can tunnel into a machine inside the firewall.
+* Encrypt your traffic to protect yourself from things like Firesheep on public wifi.
+
+## Synopsis
+
+    require 'net/ssh/socks'
+
+    Net::SSH.start('host', 'user') do |ssh|
+      ssh.forward.socks(8080)
+      ssh.loop { true }
+    end
+
+Now, configure your browser to use a SOCKS proxy at localhost:8080
+
+## Install
+
+    gem install net-ssh-socks

data/Rakefile

@@ -0,0 +1,2 @@
+require 'bundler'
+Bundler::GemHelper.install_tasks

data/lib/net/ssh/socks.rb

@@ -0,0 +1,146 @@
+require 'net/ssh'
+
+module Net
+  module SSH
+    class Socks
+      VERSION = "0.0.3"
+
+      METHOD_NO_AUTH = 0
+      CMD_CONNECT    = 1
+      REP_SUCCESS    = 0
+      RESERVED       = 0
+      ATYP_IPV4      = 1
+      ATYP_DOMAIN    = 3
+      ATYP_IPV6      = 4
+      SOCKS4         = 4
+      SOCKS4_SUCCESS = [0, 0x5a, 0, 0, 0, 0, 0, 0].pack("C*")
+      SOCKS5         = 5
+
+      # client is an open socket
+      def initialize(client)
+        @client = client
+      end
+
+      # Communicates with a client application as described by the SOCKS 5
+      # specification: http://tools.ietf.org/html/rfc1928 and
+      # http://en.wikipedia.org/wiki/SOCKS
+      # returns the host and port requested by the client
+      def client_handshake
+        version = @client.recv(1).unpack("C*").first
+        case version
+        when SOCKS4 then client_handshake_v4
+        when SOCKS5 then client_handshake_v5
+        else
+          raise "SOCKS version not supported: #{version.inspect}"
+        end
+      end
+
+      def client_handshake_v4
+        command = @client.recv(1)
+        port = @client.recv(2).unpack("n").first
+        ip_addr = @client.recv(4).unpack("C*").join('.')
+        username = @client.recv(1024) # read the rest of the stream
+
+        @client.send SOCKS4_SUCCESS, 0
+        [ip_addr, port]
+      end
+
+      def client_handshake_v5
+        nmethods, *methods = @client.recv(8).unpack("C*")
+
+        if methods.include?(METHOD_NO_AUTH)
+          packet = [SOCKS5, METHOD_NO_AUTH].pack("C*")
+          @client.send packet, 0
+        else
+          @client.close
+          raise 'Unsupported authentication method. Only "No Authentication" is supported'
+        end
+
+        version, command, reserved, address_type, *destination = @client.recv(256).unpack("C*")
+
+        packet = ([SOCKS5, REP_SUCCESS, RESERVED, address_type] + destination).pack("C*")
+        @client.send packet, 0
+
+        remote_host, remote_port = case address_type
+        when ATYP_IPV4
+          host = destination[0..-3].join('.')
+          port = destination[-2..-1].pack('C*').unpack('n')
+          [host, port]
+        when ATYP_DOMAIN
+          host = destination[1..-3].pack('C*')
+          port = destination[-2..-1].pack('C*').unpack('n')
+          [host, port]
+        when ATYP_IPV6
+          @client.close
+          raise 'Unsupported address type. Only "IPv4" is supported'
+        else
+          raise "Unknown address_type: #{address_type}"
+        end
+
+        [remote_host, remote_port]
+      end
+    end
+  end
+end
+
+class Net::SSH::Connection::Session
+  def on_close(&block)
+    @on_close = block
+  end
+
+  alias_method :close_without_callbacks, :close
+  def close
+    close_without_callbacks
+    @on_close.call if @on_close
+  end
+end
+
+class Net::SSH::Service::Forward
+  # Starts listening for connections on the local host, and forwards them
+  # to the specified remote host/port via the SSH connection. This method
+  # accepts either one or two arguments. When two arguments are given,
+  # they are:
+  #
+  # * the local address to bind to
+  # * the local port to listen on
+  #
+  # If one argument is given, it is as if the local bind address is
+  # "127.0.0.1", and the rest are applied as above.
+  #
+  #   ssh.forward.socks(8080)
+  #   ssh.forward.socks("0.0.0.0", 8080)
+  def socks(*args)
+    if args.length < 1 || args.length > 2
+      raise ArgumentError, "expected 1 or 2 parameters, got #{args.length}"
+    end
+
+    bind_address = "127.0.0.1"
+    bind_address = args.shift if args.first.is_a?(String) && args.first =~ /\D/
+    local_port   = args.shift.to_i
+    info { "socks on #{bind_address} port #{local_port}" }
+
+    socks_server = TCPServer.new(bind_address, local_port)
+    session.listen_to(socks_server) do |server|
+      client = server.accept
+
+      socks = Net::SSH::Socks.new(client)
+      remote_host, remote_port = socks.client_handshake
+      info { "connection requested on #{remote_host} port #{remote_port}" }
+
+      channel = session.open_channel("direct-tcpip", :string, remote_host, :long, remote_port, :string, bind_address, :long, local_port) do |channel|
+        info { "direct channel established" }
+        prepare_client(client, channel, :local)
+      end
+
+      channel.on_open_failed do |ch, code, description|
+        error { "could not establish direct channel: #{description} (#{code})" }
+        client.close
+      end
+    end
+
+    session.on_close do
+      debug { "cleaning up socks server" }
+      socks_server.close
+    end
+  end
+end

data/net-ssh-socks.gemspec

@@ -0,0 +1,23 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require 'net/ssh/socks'
+
+Gem::Specification.new do |s|
+  s.name        = "kerryb-net-ssh-socks"
+  s.version     = Net::SSH::Socks::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ["Mike Enriquez"]
+  s.email       = ["mike@edgecase.com"]
+  s.homepage    = ""
+  s.summary     = %q{An extension to Net::SSH that adds dynamic port forwarding through a SOCKS proxy}
+  s.description = %q{Net::SSH::Socks is a library for programmatically creating a SOCKS proxy. Similar to Net::SSH::Service::Forward#local except the host is dynamic (determined by the client application, such as a browser).}
+
+  s.rubyforge_project = "net-ssh-socks"
+
+  s.add_dependency "net-ssh", "~> 2.0"
+
+  s.files         = `git ls-files`.split("\n")
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+end

metadata

@@ -0,0 +1,73 @@
+--- !ruby/object:Gem::Specification 
+name: kerryb-net-ssh-socks
+version: !ruby/object:Gem::Version 
+  prerelease: 
+  version: 0.0.3
+platform: ruby
+authors: 
+- Mike Enriquez
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2011-05-02 00:00:00 +01:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: net-ssh
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        version: "2.0"
+  type: :runtime
+  version_requirements: *id001
+description: Net::SSH::Socks is a library for programmatically creating a SOCKS proxy. Similar to Net::SSH::Service::Forward#local except the host is dynamic (determined by the client application, such as a browser).
+email: 
+- mike@edgecase.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- lib/net/ssh/socks.rb
+- net-ssh-socks.gemspec
+has_rdoc: true
+homepage: ""
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+requirements: []
+
+rubyforge_project: net-ssh-socks
+rubygems_version: 1.6.2
+signing_key: 
+specification_version: 3
+summary: An extension to Net::SSH that adds dynamic port forwarding through a SOCKS proxy
+test_files: []
+