rtunnel 0.3.8 → 0.4.0

data/lib/rtunnel/commands.rb

@@ -0,0 +1,233 @@
+require 'stringio'
+
+class RTunnel::Command  
+  # Associates command codes with the classes implementing them.
+  class Registry
+    def initialize
+      @classes = {}
+      @codes = {}
+    end
+  
+    def register(klass, command_code)
+      if @codes.has_key? command_code
+        raise "Command code #{command_code} already used for #{@codes[command_code].name}"
+      end
+      
+      @codes[klass] = command_code
+      @classes[command_code] = klass
+    end
+    
+    def class_for(command_code)
+      @classes[command_code]
+    end
+    
+    def code_for(klass)
+      @codes[klass]
+    end
+    
+    def codes_and_classes
+      ret_val = []
+      @codes.each { |klass, code| ret_val << [code, klass.name] }
+      ret_val.sort!
+    end
+  end
+  
+  @@registry = Registry.new
+  def self.registry
+    @@registry
+  end
+  
+  # subclasses must call this to register and declare their command code
+  def self.command_code(code)
+    registry.register self, code
+  end
+
+  # subclasses should override this (and add to the result)
+  # to provide a debug string 
+  def to_s
+    self.class.name
+  end
+  
+  # subclasses should override this and call super
+  # before performing their own initialization
+  def initialize_from_io(io)
+    return self
+  end
+
+  # Encode this command to a IO / IOString.
+  def encode(io)
+    io.write RTunnel::Command.registry.code_for(self.class)
+  end
+  
+  # Produce a string with an encoding of this command.
+  def to_encoded_str
+    string_io = StringIO.new
+    self.encode string_io
+    string_io.string
+  end
+
+  # Decode a Command instance from a IO / IOString.
+  def self.decode(io)
+    return nil unless code = io.getc
+    klass = registry.class_for code.chr
+    return nil unless klass
+
+    command = klass.new
+    command.initialize_from_io io
+  end
+
+  # Printable string containing all the codes and their classes.
+  def self.printable_codes
+    printable = ''
+    registry.codes_and_classes.each do |code_and_class|
+      printable << "#{code_and_class.first}: #{code_and_class.last}\n"
+    end
+    return printable
+  end
+end
+
+class RTunnel::ConnectionCommand < RTunnel::Command
+  attr_reader :connection_id
+
+  def initialize(connection_id = nil)
+    super()
+    @connection_id = connection_id
+  end
+  
+  def to_s
+    super + "/id=#{connection_id}"
+  end
+  
+  def initialize_from_io(io)
+    super
+    @connection_id = io.read_varstring
+    self
+  end
+  
+  def encode(io)
+    super
+    io.write_varstring @connection_id
+  end
+end
+
+class RTunnel::CreateConnectionCommand < RTunnel::ConnectionCommand
+  command_code 'C'
+end
+
+class RTunnel::CloseConnectionCommand < RTunnel::ConnectionCommand
+  command_code 'X'
+end
+
+class RTunnel::SendDataCommand < RTunnel::ConnectionCommand
+  command_code 'D'
+  
+  attr_reader :data
+
+  def initialize(connection_id = nil, data = nil)
+    super(connection_id)
+    @data = data
+  end
+  
+  def initialize_from_io(io)
+    super
+    @data = io.read_varstring
+    self    
+  end
+
+  def to_s
+    super + "/data=#{data}"
+  end
+  
+  def encode(io)
+    super
+    io.write_varstring @data
+  end
+end
+
+class RTunnel::RemoteListenCommand < RTunnel::Command
+  command_code 'L'
+
+  attr_reader :address
+
+  def initialize(address = nil)
+    super()
+    @address = address
+  end
+
+  def to_s
+    super + "/address=#{address}"
+  end
+
+  def initialize_from_io(io)
+    super
+    @address = io.read_varstring
+    self    
+  end
+  
+  def encode(io)
+    super
+    io.write_varstring address
+  end
+end
+
+class RTunnel::KeepAliveCommand < RTunnel::Command
+  command_code 'A'
+  
+  def initialize_from_io(io)
+    super
+  end
+end
+
+class RTunnel::GenerateSessionKeyCommand < RTunnel::Command
+  command_code 'S'
+  
+  attr_reader :public_key_fp
+  
+  def initialize(public_key_fp = nil)
+    super()
+    @public_key_fp = public_key_fp
+  end
+  
+  def to_s
+    super + "/pubkey_fp=#{@public_key_fp.inspect}"
+  end
+  
+  def initialize_from_io(io)
+    super
+    @public_key_fp = io.read_varstring
+    self    
+  end
+  
+  def encode(io)
+    super
+    io.write_varstring @public_key_fp
+  end
+end
+
+class RTunnel::SetSessionKeyCommand < RTunnel::Command
+  command_code 'K'
+  
+  attr_reader :encrypted_keys
+
+  def initialize(encrypted_keys = nil)
+    super()
+    @encrypted_keys = encrypted_keys
+  end
+  
+  def to_s
+    super + "/enc_keys=#{@encrypted_key.inspect}"
+  end
+  
+  def initialize_from_io(io)
+    super
+    @encrypted_keys = io.read_varstring
+    self    
+  end
+  
+  def encode(io)
+    super
+    io.write_varstring @encrypted_keys
+  end
+end
+
+# TODO(not_me): this file (and its tests) cry for a DSL

data/lib/rtunnel/connection_id.rb

@@ -0,0 +1,24 @@
+require 'base64'
+require 'openssl'
+
+# Unique ID generation functionality.
+module RTunnel::ConnectionId
+  def self.new_cipher
+    cipher = OpenSSL::Cipher::Cipher.new 'aes-128-ecb'
+    cipher.encrypt
+    cipher.key, cipher.iv = cipher.random_key, cipher.random_iv
+    cipher
+  end
+  
+  def self.new_counter
+    '0' * 16
+  end
+  
+  def new_connection_id
+    @session_id_cipher ||= RTunnel::ConnectionId.new_cipher
+    @session_id_counter ||= RTunnel::ConnectionId.new_counter
+    connection_id = @session_id_cipher.update @session_id_counter
+    @session_id_counter.succ!
+    Base64.encode64(connection_id).strip
+  end
+end

data/lib/rtunnel/core.rb

@@ -0,0 +1,58 @@
+require 'logger'
+
+module RTunnel
+  DEFAULT_CONTROL_PORT = 19050
+  TUNNEL_TIMEOUT = 10
+  KEEP_ALIVE_INTERVAL = 2
+
+  class AbortProgramException < Exception
+    
+  end
+end
+
+module RTunnel::Logging
+  def init_log(options = {})
+    # TODO(costan): parse logging options
+    if options[:to]
+      @log = options[:to].instance_variable_get(:@log).dup
+    else
+      @log = Logger.new(STDERR)
+      @log.level = Logger::ERROR
+    end
+    if options[:level]
+      @log.level = Logger::const_get(options[:level].upcase.to_sym)
+    end
+  end
+  
+  def D(message)
+    @log.debug message
+  end
+  
+  def W(message)
+    @log.warn message
+  end
+  
+  def I(message)
+    @log.info message
+  end
+  
+  def E(message)
+    @log.error message
+  end
+  
+  def F(message)
+    @log.fatal message
+  end
+end
+
+module RTunnel
+  # Resolve the given address to an IP.
+  # The address can have the following formats: host; host:port; ip; ip:port;
+  def self.resolve_address(address, timeout_sec = 5)
+    host, rest = address.split(':', 2)
+    ip = timeout(timeout_sec) { Resolv.getaddress(host) }
+    rest ? "#{ip}:#{rest}" : ip
+  rescue Exception
+    raise AbortProgramException, "Error resolving #{host}" 
+  end  
+end

data/lib/rtunnel/crypto.rb

@@ -0,0 +1,106 @@
+require 'digest/sha2'
+require 'openssl'
+require 'stringio'
+
+require 'rubygems'
+require 'net/ssh'
+
+module RTunnel::Crypto
+  # Reads all the keys from an openssh known_hosts or authorized_keys2 file.
+  def self.read_authorized_keys(file_name)
+    keys = []
+    File.read(file_name).each_line do |line|
+      pubkey_match = /ssh-\w*\s*(\S*)/.match line
+      next unless pubkey_match
+      pubkey_blob = pubkey_match[1].unpack('m*').first      
+      keys << Net::SSH::Buffer.new(pubkey_blob).read_key
+    end
+    keys
+  end
+  
+  # Loads a private key from an openssh key file.
+  def self.read_private_key(file_name)
+    Net::SSH::KeyFactory.load_private_key file_name
+  end
+  
+  # Computes a string that represents the key. Different keys should
+  # map out to different fingerprints.
+  def self.key_fingerprint(key)
+    key.public_key.to_der
+  end
+  
+  # Encrypts some data with a public key. The matching private key will be
+  # required to decrypt the data.
+  def self.encrypt_with_key(key, data)
+    if key.kind_of? OpenSSL::PKey::RSA
+      key.public_encrypt data, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
+    elsif key.kind_of? OpenSSL::PKey::DSA
+      key.public_encrypt encrypted_data
+    else
+      raise 'Unsupported key type'
+    end
+  end
+  
+  # Decrypts data that was previously encrypted with encrypt_with_key.
+  def self.decrypt_with_key(key, encrypted_data)
+    if key.kind_of? OpenSSL::PKey::RSA
+      key.private_decrypt encrypted_data, OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING    
+    elsif key.kind_of? OpenSSL::PKey::DSA
+      key.private_decrypt encrypted_data
+    else
+      raise 'Unsupported key type'
+    end
+  end
+  
+  # Loads public keys to be used by a server.
+  def self.load_public_keys(file_name)
+    key_list = read_authorized_keys file_name
+    RTunnel::Crypto::KeySet.new key_list
+  end
+end
+
+# A set of keys used by a server to authenticate clients.
+class RTunnel::Crypto::KeySet  
+  def initialize(key_list)
+    @keys_by_fp = {}
+    key_list.each { |k| @keys_by_fp[RTunnel::Crypto.key_fingerprint(k)] = k }    
+  end
+  
+  def [](key_fp)
+    @keys_by_fp[key_fp]
+  end
+  
+  def length
+    @keys_by_fp.length
+  end
+end
+
+# A cryptographically secure hasher. Instances will hash the data 
+class RTunnel::Crypto::Hasher
+  attr_reader :key
+  
+  def initialize(key = nil)
+    @key = key || RTunnel::Crypto::Hasher.random_key
+    @cipher = OpenSSL::Cipher::Cipher.new 'aes-128-cbc'
+    @cipher.encrypt
+    iokey = StringIO.new @key
+    @cipher.key = iokey.read_varstring
+    @cipher.iv = iokey.read_varstring
+  end
+
+  # Creates a hash for the given data. Warning: this method is not idempotent.
+  # The intent is that the same hash can be produced by another hasher that is
+  # initialized with the same key and has been fed the same data.
+  def hash(data)
+    @cipher.update Digest::SHA2.digest(data)
+  end
+
+  # Produces a random key for the hasher.
+  def self.random_key
+    cipher = OpenSSL::Cipher::Cipher.new 'aes-128-cbc'
+    iokey = StringIO.new
+    iokey.write_varstring cipher.random_key
+    iokey.write_varstring cipher.random_iv
+    iokey.string
+  end  
+end

data/lib/rtunnel/frame_protocol.rb

@@ -0,0 +1,34 @@
+# eventmachine protocol 
+module RTunnel::FrameProtocol
+  def receive_data(data)
+    @frame_size_buffer ||= ''
+
+    i = 0
+    loop do
+      while @frame_buffer.nil? and i < data.size
+        @frame_size_buffer << data[i]
+        if (data[i] & 0x80) == 0
+          @remaining_frame_size = StringIO.new(@frame_size_buffer).read_varsize
+          @frame_buffer = ''
+        end
+        i += 1
+      end
+
+      return  if @frame_buffer.nil?
+      break  if @remaining_frame_size > data.size - i
+
+      receive_frame(@frame_buffer + data[i, @remaining_frame_size])
+      @frame_size_buffer, @frame_buffer = '', nil
+      i += @remaining_frame_size
+    end
+
+    @frame_buffer << data[i..-1]
+    @remaining_frame_size -= data.size-i
+  end
+
+  def send_frame(frame_data)
+    size_str = StringIO.new
+    size_str.write_varsize(frame_data.length)
+    send_data(size_str.string + frame_data)
+  end
+end

data/lib/rtunnel/io_extensions.rb

@@ -0,0 +1,54 @@
+require 'stringio'
+
+class RTunnel::TruncatedDataError < Exception; end
+
+module RTunnel::IOExtensions
+  # writes a size (non-negative Integer) to the stream using a varint encoding
+  def write_varsize(size)
+    chars = []
+    loop do
+      size, char = size.divmod(0x80)
+      chars << (char | ((size > 0) ? 0x80 : 0))
+      break if size == 0
+    end
+    write chars.pack('C*')
+  end
+  
+  # reads a size (non-negative Integer) from the stream using a varint encoding
+  def read_varsize
+    size = 0
+    multiplier = 1
+    loop do
+      char = getc
+      # TODO(costan): better exception
+      unless char
+        raise RTunnel::TruncatedDataError.new("Encoded varsize truncated")
+      end
+      more, size_add = char.divmod(0x80)
+      size += size_add * multiplier
+      break if more == 0
+      multiplier *= 0x80
+    end
+    size
+  end
+  
+  # writes a string and its length, so it can later be read with read_varstr
+  def write_varstring(str)
+    write_varsize str.length
+    write str
+  end
+  
+  # reads a variable-length string that was previously written with write_varstr
+  def read_varstring
+    length = read_varsize
+    return '' if length == 0
+    str = read(length)
+    if ! str or str.length != length
+      raise RTunnel::TruncatedDataError, "Encoded varstring truncated"
+    end
+    str
+  end
+end
+
+IO.send :include, RTunnel::IOExtensions
+StringIO.send :include, RTunnel::IOExtensions

data/lib/rtunnel/leak.rb

@@ -0,0 +1,35 @@
+require 'pp'
+
+class RTunnel::LeakTracker
+  # TODO(not_me): update this to eventmachine if it's still interesting
+  def self.start
+    logged_thread do
+      sleep 10
+      begin
+        objects = Hash.new 0
+
+        while true
+          last_objects = objects.dup
+          ObjectSpace.each_object do |o|
+            objects[o.class] += 1
+          end
+
+          objects.reject!{|k,v| ! last_objects.has_key? k }  unless last_objects.empty?
+
+          new_objects = objects.dup
+          objects.each do |(klass, count)|
+            new_objects.delete klass  if count < last_objects[klass]  # has been GC'ed, "cant be leaking"
+          end
+          objects = new_objects
+
+          PP.pp objects.sort_by{|(k,cnt)| cnt }.reverse[0..10], STDERR
+
+          sleep 10
+        end
+      rescue Object
+        STDERR.puts $!.inspect
+        STDERR.puts $!.backtrace.join("\n")
+      end
+    end
+  end
+end

data/lib/rtunnel/rtunnel_client_cmd.rb

@@ -0,0 +1,41 @@
+require 'optparse'
+
+require 'rubygems'
+require 'eventmachine'
+
+
+module RTunnel
+  def self.run_client
+    options = {}
+    
+    (opts = OptionParser.new do |o|
+      o.on("-c", "--control-address ADDRESS") do |a|
+        options[:control_address] = a
+      end
+      o.on("-f", "--remote-listen-port ADDRESS") do |a|
+        options[:remote_listen_address] = a
+      end
+      o.on("-t", "--tunnel-to ADDRESS") do |a|
+        options[:tunnel_to_address] = a
+      end
+      o.on("-k", "--private-key KEYFILE") do |f|
+        options[:private_key] = f
+      end
+      o.on("-l", "--log-level LEVEL") do |l|
+        options[:log_level] = l
+      end
+      o.on("-o", "--timeout TIMEOUT_IN_SECONDS") do |t|
+        options[:tunnel_timeout] = t.to_f
+      end
+    end).parse!  rescue (puts opts; return)
+    
+    mandatory_keys = [:control_address, :remote_listen_address,
+                      :tunnel_to_address]
+                      
+    (puts opts; return) unless mandatory_keys.all? { |key| options[key] }
+    
+    EventMachine::run do
+      RTunnel::Client.new(options).start
+    end
+  end
+end

data/lib/rtunnel/rtunnel_server_cmd.rb

@@ -0,0 +1,32 @@
+require 'optparse'
+
+require 'rubygems'
+require 'eventmachine'
+
+
+module RTunnel
+  def self.run_server    
+    options = {}
+    
+    (opts = OptionParser.new do |o|
+      o.on("-c", "--control ADDRESS") { |a| options[:control_address] = a }
+      o.on("-a", "--authorized-keys KEYSFILE") do |f|
+        options[:authorized_keys] = f
+      end
+      o.on("-l", "--log-level LEVEL") { |l| options[:log_level] = l }
+      o.on("-k", "--keep-alive KEEP_ALIVE_INTERVAL") do |t|
+        options[:keep_alive_interval] = t.to_f
+      end
+      o.on("-p", "--lowest-listen-port PORT") do |p|
+        options[:lowest_listen_port] = p.to_i
+      end
+      o.on("-P", "--highest-listen-port PORT") do |p|
+        options[:highest_listen_port] = p.to_i
+      end
+    end).parse!  rescue (puts opts; return)
+
+    EventMachine::run do
+      RTunnel::Server.new(options).start
+    end
+  end
+end