raptor-io 0.0.1

data/lib/raptor-io/socket/comm/sapni.rb

@@ -0,0 +1,75 @@
+
+# Communication through a SAPRouter
+#
+# By default SAPRouter listens on port 3299.
+#
+# @see https://labs.mwrinfosecurity.com/blog/2012/09/13/sap-smashing-internet-windows/
+# @see http://conference.hitb.org/hitbsecconf2010ams/materials/D2T2%20-%20Mariano%20Nunez%20Di%20Croce%20-%20SAProuter%20.pdf
+class RaptorIO::Socket::Comm::SAPNI < RaptorIO::Socket::Comm
+
+  # The bits of the packet that don't change
+  NI_ROUTE_HEADER = [
+    "NI_ROUTE",
+    2,  # route info version
+    39, # NI version
+    2,  # number of entries
+    1,  # talk mode (NI_MSG_IO: 0; NI_RAW_IO; 1; NI_ROUT_IO: 2)
+    0,  # unused
+    0,  # unused
+    1,  # number of rest nodes
+  ].pack("Z*C7")
+
+  # @param options [Hash]
+  # @option options :sap_host [String,IPAddr]
+  # @option options :sap_port [Fixnum] (3299)
+  # @option options :sap_comm [Comm]
+  def initialize(options = {})
+    @sap_host = options[:sap_host]
+    @sap_port = (options[:sap_port] || 3299).to_i
+    @sap_comm = options[:sap_comm]
+  end
+
+  # Connect to a SAPRouter and use its routing capabilities to create a
+  # TCP connection to `:peer_host`.
+  #
+  # @param (see Comm#create_tcp)
+  def create_tcp(options)
+    @sap_socket = @sap_comm.create_tcp(
+      peer_host: @sap_host,
+      peer_port: @sap_port
+    )
+
+    first_route_item = [
+      @sap_host, @sap_port.to_s, 0
+    ].pack("Z*Z*C")
+
+    second_route_item = [
+      options[:peer_host], options[:peer_port].to_s, 0
+    ].pack("Z*Z*C")
+
+    route_data =
+      # This is *not* a length, it is the
+      #   "current position as an offset into the route string"
+      # according to
+      # http://help.sap.com/saphelp_nwpi711/helpdata/en/48/6a29785bed4e6be10000000a421937/content.htm
+      [ first_route_item.length ].pack("N") +
+      first_route_item +
+      second_route_item
+    route_data = [ route_data.length - 4 ].pack("N") + route_data
+
+    ni_packet = NI_ROUTE_HEADER.dup + route_data
+    ni_packet = [ni_packet.length].pack('N') + ni_packet
+
+    @sap_socket.write(ni_packet)
+    res_length = @sap_socket.read(4)
+    res = @sap_socket.read(res_length.unpack("N").first)
+
+    unless res == "NI_PONG\x00"
+      raise RaptorIO::Socket::Error::ConnectionError
+    end
+
+    RaptorIO::Socket::TCP.new(@sap_socket, options)
+  end
+
+end
+

data/lib/raptor-io/socket/comm/socks.rb

@@ -0,0 +1,237 @@
+require 'timeout'
+require 'socket'
+
+# Communication through a SOCKS proxy
+#
+# @see http://openssh.org/txt/socks4.protocol
+# @see https://tools.ietf.org/html/rfc1928
+class RaptorIO::Socket::Comm::SOCKS < RaptorIO::Socket::Comm
+
+  # @!attribute socks_host
+  #   The SOCKS server's address
+  #   @return [String]
+  attr_accessor :socks_host
+  # @!attribute socks_port
+  #   The SOCKS server's port
+  #   @return [Fixnum]
+  attr_accessor :socks_port
+  # @!attribute socks_comm
+  #   The {Comm} used to connect to the SOCKS server
+  #   @return [Comm]
+  attr_accessor :socks_comm
+
+  # Constants for address types ("ATYP" in the RFC)
+  module AddressTypes
+    # 4-byte IPv4 address
+    ATYP_IPv4 = 1
+    # DNS name as a Pascal string
+    ATYP_DOMAINNAME = 3
+    # 16-byte IPv6 address
+    ATYP_IPv6 = 4
+  end
+
+  # Constants for reply codes
+  module ReplyCodes
+    # `X'00' succeeded`
+    SUCCEEDED = 0
+    # `X'01' general SOCKS server failure`
+    GENERAL_FAILURE = 1
+    # `X'02' connection not allowed by ruleset`
+    NOT_ALLOWED = 2
+    # `X'03' Network unreachable`
+    NETUNREACH = 3
+    # `X'04' Host unreachable`
+    HOSTUNREACH = 4
+    # `X'05' Connection refused`
+    CONNREFUSED = 5
+    # `X'06' TTL expired`
+    TTL_EXPIRED = 6
+    # `X'07' Command not supported`
+    CMD_NOT_SUPPORTED = 7
+    # `X'08' Address type not supported`
+    ATYP_NOT_SUPPORTED = 8
+  end
+
+  # @param options [Hash]
+  # @option options :socks_host [String,IPAddr]
+  # @option options :socks_port [Fixnum]
+  # @option options :socks_comm [Comm]
+  def initialize(options = {})
+    @socks_host = options[:socks_host]
+    @socks_port = options[:socks_port].to_i
+    @socks_comm = options[:socks_comm]
+  end
+
+  # (see Comm#support_ipv6?)
+  def support_ipv6?
+    begin
+      tcp = create_tcp("::1", {})
+      tcp.close
+      true
+    rescue RaptorIO::Error
+      nil
+    end
+  end
+
+  # Connect to `:peer_host`
+  #
+  # @option (see Comm#create_tcp)
+  #
+  # @return [Socket::TCP]
+  #
+  # @raise [RaptorIO::Socket::Error::ConnectTimeout]
+  def create_tcp(options)
+    @socks_socket = socks_comm.create_tcp(
+      peer_host: socks_host,
+      peer_port: socks_port
+    )
+
+    negotiate_connection(options[:peer_host], options[:peer_port])
+
+    if options[:ssl_context]
+      RaptorIO::Socket::TCP::SSL.new(@socks_socket, options)
+    else
+      RaptorIO::Socket::TCP.new(@socks_socket, options)
+    end
+  end
+
+
+  private
+
+  # Attempt to create a connection to `peer_host`:`peer_port` via the
+  # SOCKS server at {#socks_host}:{#socks_port}.
+  #
+  # @param peer_host [String] An address or hostname
+  # @param peer_port [Fixnum] TCP port to connect to
+  #
+  # @raise [Error::ConnectionError] When the connection fails
+  def negotiate_connection(peer_host, peer_port)
+    # From RFC1928:
+    # ```
+    #   o  X'00' NO AUTHENTICATION REQUIRED
+    #   o  X'01' GSSAPI
+    #   o  X'02' USERNAME/PASSWORD
+    #   o  X'03' to X'7F' IANA ASSIGNED
+    #   o  X'80' to X'FE' RESERVED FOR PRIVATE METHODS
+    #   o  X'FF' NO ACCEPTABLE METHODS
+    # ```
+    auth_methods = [ 0 ]
+    # [ version ][ N methods ][ methods ... ]
+    v5_pkt = [ 5, auth_methods.count, *auth_methods ].pack("CCC*")
+
+    @socks_socket.write(v5_pkt)
+    response = @socks_socket.read(2)
+
+    case response
+    when "\x05\x00".force_encoding('binary')
+      # Then they accepted NO AUTHENTICATION and we can send a connect
+      # request *without* a password
+      request = pack_v5_connect_packet(peer_host, peer_port.to_i)
+    else
+      # Then they didn't like what we had to offer.
+      @socks_socket.close
+      raise RaptorIO::Socket::Error::ConnectionError, "Proxy connection failed"
+    end
+
+    @socks_socket.write(request)
+
+    reply_pkt = @socks_socket.read(4)
+    if reply_pkt.nil?
+      # ssh(1) likes to just sever the connection if it can't connect
+      raise RaptorIO::Socket::Error::ConnectionError
+    end
+
+    handle_reply(reply_pkt)
+  end
+
+  def pack_v5_connect_packet(peer_host, peer_port)
+    begin
+      ip = IPAddr.parse(peer_host)
+    rescue ArgumentError
+      type = AddressTypes::ATYP_DOMAINNAME
+      # Packed as a Pascal string
+      packed_addr = [peer_host.length, peer_host].pack("Ca*")
+    else
+      if ip.to_range.count != 1
+        raise ArgumentError, "Invalid host"
+      end
+      type = if ip.ipv4?
+               AddressTypes::ATYP_IPv4
+             elsif ip.ipv6?
+               AddressTypes::ATYP_IPv6
+             end
+      packed_addr = ip.hton
+    end
+    connect_packet = [
+      5, # Version
+      1, # CMD, CONNECT X'01'
+      0, # reserved
+      type,
+      packed_addr,
+      peer_port
+    ].pack("CCCCa*n")
+
+    connect_packet
+  end
+
+  def handle_reply(reply_pkt)
+
+    # [ version ][ reply code ][ reserved ][ atyp ]
+    _, reply, _, type = reply_pkt.unpack("C4")
+
+    #  X'00' succeeded
+    #  X'01' general SOCKS server failure
+    #  X'02' connection not allowed by ruleset
+    #  X'03' Network unreachable
+    #  X'04' Host unreachable
+    #  X'05' Connection refused
+    #  X'06' TTL expired
+    #  X'07' Command not supported
+    #  X'08' Address type not supported
+    #  X'09' to X'FF' unassigned
+    case reply
+    when ReplyCodes::SUCCEEDED
+      # Read in the bind addr. The protocol spec says this is supposed
+      # to be the getsockname(2) address of the sockfd on the server,
+      # which isn't all that useful to begin with. SSH(1) always
+      # populates it with NULL bytes, making it completely pointless.
+      # Read it off the socket and ignore it so it doesn't get in the
+      # way of the proxied traffic.
+      case type
+      when AddressTypes::ATYP_IPv4
+        @socks_socket.read(4)
+      when AddressTypes::ATYP_IPv6
+        @socks_socket.read(16)
+      when AddressTypes::ATYP_DOMAINNAME
+        # Pascal string, so read in the length and then read that many
+        len = @socks_socket.read(1).to_i
+        @socks_socket.read(len)
+      end
+      # bind port
+      @socks_socket.read(2)
+
+    when ReplyCodes::NETUNREACH, ReplyCodes::HOSTUNREACH
+      @socks_socket.close
+      raise RaptorIO::Socket::Error::HostUnreachable
+    when ReplyCodes::CONNREFUSED
+      @socks_socket.close
+      raise RaptorIO::Socket::Error::ConnectionRefused
+    when ReplyCodes::GENERAL_FAILURE,
+         ReplyCodes::NOT_ALLOWED,
+         ReplyCodes::TTL_EXPIRED,
+         ReplyCodes::CMD_NOT_SUPPORTED,
+         ReplyCodes::ATYP_NOT_SUPPORTED
+      # Then this is a kind of failure that doesn't map well to standard
+      # socket errors. Just call it a ConnectionError.
+      @socks_socket.close
+      raise RaptorIO::Socket::Error::ConnectionError
+    else
+      # Then this is an unassigned error code. No idea what it is, so
+      # just call it a ConnectionError
+      @socks_socket.close
+      raise RaptorIO::Socket::Error::ConnectionError
+    end
+  end
+
+end
+

data/lib/raptor-io/socket/comm_chain.rb

@@ -0,0 +1,30 @@
+
+class RaptorIO::Socket::CommChain
+  attr_accessor :comms
+
+  # @param uris [Array] A list of URIs (as `URI` objects or as `String`s)
+  def initialize(*uris)
+    @comms = [ RaptorIO::Socket::SwitchBoard::DEFAULT_ROUTE.comm ]
+    uris.each do |arg|
+      begin
+        arg_uri = (arg.kind_of? URI) ? arg : URI.parse(arg)
+      rescue URI::InvalidURIError
+        raise ArgumentError.new("Invalid URI (#{arg.inspect})")
+      end
+
+      next_comm = RaptorIO::Socket::Comm.from_uri(arg_uri, prev_comm: @comms.last)
+
+      if next_comm.kind_of? RaptorIO::Socket::Comm
+        @comms << next_comm
+      else
+        raise ArgumentError.new("Invalid Comm: unknown scheme (#{arg_uri.scheme.inspect})")
+      end
+    end
+
+  end
+
+  def create_tcp(opts = {})
+    @comms.last.create_tcp(opts)
+  end
+
+end

data/lib/raptor-io/socket/error.rb

@@ -0,0 +1,45 @@
+# Base class for all socket-related errors
+class RaptorIO::Socket::Error < RaptorIO::Error
+
+  # Hostname resolution error.
+  #
+  # @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  class CouldNotResolve < RaptorIO::Socket::Error
+  end
+
+  # Base class for errors that cause a connection to fail.
+  class ConnectionError < RaptorIO::Socket::Error
+  end
+
+  # Raised when a socket receives no SYN/ACK before timeout.
+  class ConnectionTimeout < RaptorIO::Socket::Error::ConnectionError
+  end
+
+  # Raised when a socket receives a RST during connect.
+  class ConnectionRefused < RaptorIO::Socket::Error::ConnectionError
+  end
+
+  # Host reachability error.
+  #
+  # Occurs when the remote host cannot be reached.
+  #
+  # @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  class HostUnreachable < RaptorIO::Socket::Error::ConnectionError
+  end
+
+  # Broken-pipe error.
+  #
+  # Occurs when a connection dies unexpectedly.
+  #
+  # @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  class BrokenPipe < RaptorIO::Socket::Error
+  end
+
+  # Not connected error.
+  #
+  # Occurs when attempting to transmit data over a not connected transport endpoint.
+  #
+  # @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+  class NotConnected < RaptorIO::Socket::Error
+  end
+end

data/lib/raptor-io/socket/switch_board.rb

@@ -0,0 +1,183 @@
+# -*- coding: binary -*-
+
+require 'thread'
+
+###
+#
+# A routing table that associates subnets with {Comm} objects.  Comm
+# classes are used to instantiate objects that are tied to remote
+# network entities.  For example, {Comm::Local} is used to build network
+# connections directly from the local machine whereas, for instance, a
+# SOCKS Comm would build a local socket pair that is associated with a
+# connection established by a remote SOCKS server.  This can be seen as
+# a uniform way of communicating with hosts through arbitrary channels.
+#
+###
+class RaptorIO::Socket::SwitchBoard
+
+  require 'raptor-io/socket/comm'
+  require 'raptor-io/socket/comm_chain'
+  require 'raptor-io/socket/switch_board/route'
+
+  include Enumerable
+
+  # If no route matches the host/netmask when searching for
+  # {#best_comm}, this will be the fallback - always route through the
+  # local machine creating Ruby ::Sockets.
+  DEFAULT_ROUTE = Route.new("0.0.0.0", "0.0.0.0", RaptorIO::Socket::Comm::Local.new)
+
+  # The list of routes this swithboard knows about
+  #
+  # @return [Array<Route>]
+  attr_reader :routes
+
+  def initialize
+    @routes = Array.new
+    @mutex  = Mutex.new
+  end
+
+  # Adds a route for a given subnet and netmask destined through a given comm
+  # instance.
+  #
+  # @param (see RaptorIO::Socket::SwitchBoard::Route#new)
+  # @return [Boolean] Whether the route was added. This may fail if a
+  #   route already {#route_exists? existed} or if the given `comm` does
+  #   not support the address family of the `subnet` (e.g., an IPv6
+  #   address for a comm that does not support IPv6)
+  def add_route(subnet, netmask, comm)
+    rv = true
+    subnet = IPAddr.parse(subnet)
+    if subnet.ipv6? and comm.respond_to?(:support_ipv6?)
+      return false unless comm.support_ipv6?
+    end
+
+    synchronize do
+      # If the route already exists, return false to the caller.
+      if route_exists?(subnet, netmask)
+        rv = false
+      else
+        @routes << Route.new(subnet, netmask, comm)
+      end
+    end
+
+    rv
+  end
+
+  # Finds the best possible comm for the supplied target address.
+  #
+  # @param addr [String,IPAddr] The address to which we want to talk
+  # @return [Comm]
+  def best_comm(addr)
+    addr = IPAddr.parse(addr)
+
+    # Find the most specific route that this address fits in. If none,
+    # use the default, i.e., local.
+    best_route = reduce(DEFAULT_ROUTE) do |best, route|
+      if route.subnet.include?(addr) && route.netmask >= best.netmask
+        route
+      else
+        best
+      end
+    end
+
+    best_route.comm
+  end
+
+  # Enumerates each entry in the routing table.
+  #
+  def each(&block)
+    @routes.each(&block)
+  end
+
+  alias each_route each
+
+  # Clears all established routes.
+  #
+  # @return [void]
+  def flush_routes
+    # Remove each of the individual routes so the comms don't think they're
+    # still routing after a flush.
+    @routes.each do |r|
+      if r.comm.respond_to? :routes
+        r.comm.routes.delete("#{r.subnet}/#{r.netmask}")
+      end
+    end
+
+    # Re-initialize to an empty array
+    @routes.clear
+  end
+
+  #
+  # Remove all routes that go through the supplied `comm`.
+  #
+  # @param comm [Comm]
+  # @return [void]
+  def remove_by_comm(comm)
+    synchronize do
+      @routes.delete_if { |route| route.comm == comm }
+    end
+
+    nil
+  end
+
+  #
+  # Removes a route for a given subnet and netmask destined through a given
+  # comm instance.
+  #
+  # @param (see Route.new)
+  # @return [Boolean] Whether we found one to delete
+  def remove_route(subnet, netmask, comm)
+    rv = false
+
+    other = Route.new(subnet, netmask, comm)
+    synchronize do
+      @routes.delete_if do |route|
+        if route == other
+          rv = true
+        else
+          false
+        end
+      end
+    end
+
+    rv
+  end
+
+  #
+  # Checks to see if a route already exists for the supplied subnet and
+  # netmask.
+  #
+  def route_exists?(subnet, netmask)
+    each do |route|
+      return true if route.subnet == subnet and route.netmask == netmask
+    end
+
+    false
+  end
+
+  # Create a TCP client socket on the {#best_comm best comm} available
+  # for `:peer_host`.
+  #
+  # @param (see Comm#create_tcp)
+  # @option opts (see Comm#create_tcp)
+  def create_tcp(opts)
+    best_comm(opts[:peer_host]).create_tcp(opts)
+  end
+
+  # Create a TCP server socket on the {#best_comm best comm} available
+  # for `:local_host`.
+  #
+  # @param (see Comm#create_tcp_server)
+  # @option opts (see Comm#create_tcp_server)
+  def create_tcp_server(opts)
+    best_comm(opts[:local_host]).create_tcp_server(opts)
+  end
+
+  private
+
+  def synchronize( &block )
+    @mutex.synchronize( &block )
+  end
+
+end
+