rtunnel 0.3.8 → 0.4.0

data/lib/rtunnel/server.rb

@@ -0,0 +1,351 @@
+require 'set'
+
+require 'rubygems'
+require 'eventmachine'
+
+
+# The RTunnel server class, managing control and connection servers.
+class RTunnel::Server
+  include RTunnel
+  include RTunnel::CommandProcessor
+  include RTunnel::Logging
+  include RTunnel::ConnectionId
+  
+  attr_reader :control_address, :control_host, :control_port
+  attr_reader :keep_alive_interval, :authorized_keys
+  attr_reader :lowest_listen_port, :highest_listen_port
+  attr_reader :tunnel_connections
+  
+  def initialize(options = {})
+    process_options options
+    @tunnel_controls = {}
+    @tunnel_connections = {}
+    @tunnel_connections_by_control = {}
+  end
+
+  def start
+    return if @control_listener
+    @control_host = SocketFactory.host_from_address @control_address
+    @control_port = SocketFactory.port_from_address @control_address
+    start_server
+  end
+  
+  def stop
+    return unless @control_listener
+    EventMachine.stop_server @control_listener
+    @control_listener = nil
+  end
+  
+  def start_server
+    D "Control server on #{@control_host} port #{@control_port}"
+    @control_listener = EventMachine.start_server @control_host, @control_port,
+                                                  Server::ControlConnection,
+                                                  self
+  end
+  
+  # Creates a listener on a certain port. The given block should create and
+  # return the listener. If a listener is already active on the given port,
+  # the current listener is closed, and the new listener is created after the
+  # old listener is closed.
+  def create_tunnel_listener(listen_port, control_connection, &creation_block)
+    if old_control = @tunnel_controls[listen_port]
+      D "Closing old listener on port #{listen_port}"
+      EventMachine.stop_server old_control.listener
+    end
+    
+    EventMachine.next_tick do
+      next unless yield
+      
+      @tunnel_controls[listen_port] = control_connection
+      redirect_tunnel_connections old_control, control_connection if old_control
+      on_remote_listen
+    end
+  end
+  
+  # Registers a tunnel connection, so it can receive data.
+  def register_tunnel_connection(connection)
+    @tunnel_connections[connection.connection_id] = connection
+    control_connection = connection.control_connection
+    @tunnel_connections_by_control[control_connection] ||= Set.new
+    @tunnel_connections_by_control[control_connection] << connection
+  end
+  
+  # De-registers a tunnel connection.
+  def deregister_tunnel_connection(connection)
+    @tunnel_connections.delete connection.connection_id
+    control_connection = connection.control_connection
+    @tunnel_connections_by_control[control_connection].delete connection
+  end
+  
+  def redirect_tunnel_connections(old_control, new_control)
+    return unless old_connections = @tunnel_connections_by_control[old_control]
+    old_connections.each do |tunnel_connection|
+      tunnel_connection.control_connection = new_control
+    end
+    @tunnel_connections_by_control[new_control] ||= Set.new
+    @tunnel_connections_by_control[new_control] += old_connections
+  end
+
+  def on_remote_listen(&block)
+    if block
+      @on_remote_listen = block
+    elsif @on_remote_listen
+      @on_remote_listen.call
+    end 
+  end
+
+  ## option processing
+  
+  def process_options(options)
+    [:control_address, :keep_alive_interval, :authorized_keys,
+     :lowest_listen_port, :highest_listen_port].each do |opt|
+      instance_variable_set "@#{opt}".to_sym,
+          RTunnel::Server.send("extract_#{opt}".to_sym, options[opt])
+    end
+    
+    init_log :level => options[:log_level]    
+  end
+
+  def self.extract_control_address(address)
+    return "0.0.0.0:#{RTunnel::DEFAULT_CONTROL_PORT}" unless address
+    if address =~ /^\d+$/
+      host = nil
+      port = address.to_i
+    else
+      host = SocketFactory.host_from_address address
+      port = SocketFactory.port_from_address address
+    end
+    host = RTunnel.resolve_address(host || "0.0.0.0")
+    port ||= RTunnel::DEFAULT_CONTROL_PORT.to_s
+    "#{host}:#{port}"
+  end
+  
+  def self.extract_keep_alive_interval(interval)
+    interval || RTunnel::KEEP_ALIVE_INTERVAL
+  end
+  
+  def self.extract_authorized_keys(keys_file)
+    keys_file and Crypto.load_public_keys keys_file
+  end
+  
+  def self.extract_lowest_listen_port(port)
+    port || 0
+  end
+  
+  def self.extract_highest_listen_port(port)
+    port || 65535
+  end
+end
+
+
+# A client connection to the server's control port.
+class RTunnel::Server::ControlConnection < EventMachine::Connection
+  include RTunnel
+  include RTunnel::CommandProcessor
+  include RTunnel::CommandProtocol
+  include RTunnel::Logging
+
+  attr_reader :server, :listener
+  
+  def initialize(server)
+    super()
+    
+    @server = server
+    @tunnel_connections = server.tunnel_connections
+    @listener = nil
+    @keep_alive_timer = nil
+    @keep_alive_interval = server.keep_alive_interval
+    @in_hasher = @out_hasher = nil
+    
+    init_log :to => @server
+  end
+  
+  def post_init
+    @client_port, @client_host = *Socket.unpack_sockaddr_in(get_peername)
+    D "Established connection with #{@client_host} port #{@client_port}"
+    enable_keep_alives
+  end
+  
+  def unbind
+    D "Lost connection from #{@client_host} port #{@client_port}"
+    disable_keep_alives
+  end
+  
+  
+  ## Command processing
+    
+  def process_remote_listen(address)
+    listen_host = SocketFactory.host_from_address address
+    listen_port = SocketFactory.port_from_address address
+
+    unless validate_remote_listen listen_host, listen_port
+      send_command SetSessionKeyCommand.new('NO')
+      return      
+    end
+    
+    @server.create_tunnel_listener listen_port, self do
+      D "Creating listener for #{listen_host} port #{listen_port}"
+      begin
+        @listener = EventMachine.start_server listen_host, listen_port,
+                                               Server::TunnelConnection, self,
+                                               listen_host, listen_port
+      rescue RuntimeError => e
+        # EventMachine raises 'no acceptor' if the listen address is invalid
+        E "Invalid listen address #{listen_host}"        
+        @listener = nil
+      end
+    end
+    
+    D "Listening on #{listen_host} port #{listen_port}"
+  end
+  
+  # Verifies if a RemoteListenCommand should be honored.
+  def validate_remote_listen(host, port)
+    if @server.authorized_keys and @out_hasher.nil?
+      D "Asked to open listen socket by unauthorized client"
+      return false
+    end
+    
+    if port < @server.lowest_listen_port or port > @server.highest_listen_port
+      D "Asked to listen to forbidden port"
+      return false
+    end
+    
+    true
+  end
+  
+  def process_send_data(tunnel_connection_id, data)
+    tunnel_connection = @tunnel_connections[tunnel_connection_id]
+    if tunnel_connection
+      D "Data: #{data.length} bytes coming from #{tunnel_connection_id}"
+      tunnel_connection.send_data data
+    else
+      W "Asked to send to unknown connection #{tunnel_connection_id}"
+    end
+  end
+  
+  def process_close_connection(tunnel_connection_id)
+    tunnel_connection = @tunnel_connections[tunnel_connection_id]
+    if tunnel_connection
+      D "Closed from tunneled end: #{tunnel_connection_id}"
+      tunnel_connection.close_from_tunnel
+    else
+      W "Asked to close unknown connection #{tunnel_connection_id}"
+    end
+  end
+  
+  def process_generate_session_key(public_key_fp)
+    if @server.authorized_keys
+      if public_key = @server.authorized_keys[public_key_fp]
+        D "Authorized client key received, generating session key"
+        @out_hasher, @in_hasher = Crypto::Hasher.new, Crypto::Hasher.new
+        
+        iokeys = StringIO.new
+        iokeys.write_varstring @in_hasher.key
+        iokeys.write_varstring @out_hasher.key
+        encrypted_keys = Crypto.encrypt_with_key public_key, iokeys.string
+      else
+        D("Rejecting unauthorized client key (%s authorized keys)" %
+          @server.authorized_keys.length)
+        encrypted_keys = 'NO'
+      end
+    else
+      D "Asked to generate session key, but no authorized keys set"
+      encrypted_keys = ''
+    end
+    send_command SetSessionKeyCommand.new(encrypted_keys)
+    self.incoming_command_hasher = @in_hasher if @in_hasher
+    self.outgoing_command_hasher = @out_hasher if @out_hasher
+  end
+  
+  def receive_bad_frame(frame, exception)
+    case exception
+    when :bad_signature
+      D "Ignoring command with invalid signature"
+    when Exception
+      D "Ignoring malformed command."
+      D "Decoding exception: #{exception.class.name} - #{exception}\n" +
+        "#{exception.backtrace.join("\n")}\n"
+    end
+  end
+  
+  
+  ## Keep-Alives (preventing timeouts)
+  
+  #:nodoc:
+  def send_command(command)
+    @last_command_time = Time.now
+    super
+  end
+
+  # Enables sending KeepAliveCommands every few seconds.
+  def enable_keep_alives
+    @last_command_time = Time.now
+    @keep_alive_timer =
+        EventMachine::PeriodicTimer.new(@keep_alive_interval / 2) do
+      keep_alive_if_needed
+    end
+  end
+
+  # Sends a KeepAlive command if no command was sent recently.
+  def keep_alive_if_needed
+    if Time.now - @last_command_time >= @keep_alive_interval
+      send_command KeepAliveCommand.new
+    end
+  end
+  
+  # Disables sending KeepAlives.
+  def disable_keep_alives
+    return unless @keep_alive_timer
+    @keep_alive_timer.cancel
+    @keep_alive_timer = nil
+  end  
+end
+
+
+# A connection to a tunnelled port.
+class RTunnel::Server::TunnelConnection < EventMachine::Connection
+  include RTunnel
+  include RTunnel::Logging
+  
+  attr_reader :connection_id
+  attr_accessor :control_connection
+  
+  def initialize(control_connection, listen_host, listen_port)
+    # listen_host and listen_port are passed for logging purposes only
+    @listen_host = listen_host
+    @listen_port = listen_port
+    @control_connection = control_connection
+    @server = @control_connection.server
+    @hasher = nil
+
+    init_log :to => @server
+  end
+  
+  def post_init
+    @connection_id = @server.new_connection_id
+    peer = Socket.unpack_sockaddr_in(get_peername).reverse.join ':'
+    D "Tunnel connection from #{peer} on #{@connection_id}"
+    @server.register_tunnel_connection self
+    @control_connection.send_command CreateConnectionCommand.new(@connection_id)
+  end
+  
+  def unbind
+    unless @tunnel_closed
+      D "Closed from client end: #{@connection_id}"
+      close_command = CloseConnectionCommand.new(@connection_id)
+      @control_connection.send_command close_command
+    end
+    @server.deregister_tunnel_connection self
+  end
+  
+  def close_from_tunnel
+    @tunnel_closed = true
+    close_connection_after_writing
+  end
+  
+  def receive_data(data)
+    D "Data: #{data.length} bytes for #{@connection_id}"
+    @control_connection.send_command SendDataCommand.new(@connection_id, data)
+  end
+end

data/lib/rtunnel/socket_factory.rb

@@ -0,0 +1,119 @@
+require 'socket'
+
+module RTunnel::SocketFactory
+  def self.split_address(address)
+    port_index = address.index /[^:]\:[^:]/
+    if port_index
+      [address[0, port_index + 1], address[port_index + 2, address.length]]
+    else
+      [address, nil]
+    end
+  end
+  
+  def self.host_from_address(address)
+    address and split_address(address)[0]
+  end
+  
+  def self.port_from_address(address)
+    address and (port_string = split_address(address)[1]) and port_string.to_i
+  end
+  
+  def self.inbound?(options)
+    options[:inbound] or [:in_port, :in_host, :in_addr].any? { |k| options[k] }
+  end
+  
+  def self.bind_host(options)
+    options[:in_host] or host_from_address(options[:in_addr]) or '0.0.0.0'
+  end
+  
+  def self.bind_port(options)
+    options[:in_port] or port_from_address(options[:in_addr]) or 0
+  end
+  
+  def self.bind_socket_address(options)
+    Socket::pack_sockaddr_in bind_port(options), bind_host(options)
+  end
+  
+  def self.connect_host(options)
+    options[:out_host] or host_from_address(options[:out_addr])
+  end
+  
+  def self.connect_port(options)
+    options[:out_port] or port_from_address(options[:out_addr])
+  end
+  
+  def self.connect_socket_address(options)
+    Socket::pack_sockaddr_in connect_port(options), connect_host(options)
+  end
+  
+  def self.tcp?(options)
+    options[:tcp] or !options[:udp]
+  end
+  
+  def self.new_tcp_socket
+    Socket.new Socket::AF_INET, Socket::SOCK_STREAM, Socket::PF_UNSPEC
+  end
+  
+  def self.new_udp_socket
+    Socket.new Socket::AF_INET, Socket::SOCK_DGRAM, Socket::PF_UNSPEC
+  end
+  
+  def self.new_socket(options)
+    tcp?(options) ? new_tcp_socket : new_udp_socket
+  end
+  
+  def self.bind(socket, options)
+    socket.bind bind_socket_address(options)
+  end
+  
+  def self.connect(socket, options)
+    socket.connect connect_socket_address(options)
+  end
+  
+  def self.set_options(socket, options)
+    if options[:no_delay]
+      socket.setsockopt Socket::IPPROTO_TCP, Socket::TCP_NODELAY, true
+      socket.sync = true
+    end
+    
+    if options[:reuse_addr]
+      socket.setsockopt Socket::SOL_SOCKET, Socket::SO_REUSEADDR, true
+    end
+    
+    unless options[:reverse_lookup]
+      if socket.respond_to? :do_not_reverse_lookup
+        socket.do_not_reverse_lookup = true
+      else
+        # work around until the patch below actually gets committed:
+        # http://blade.nagaokaut.ac.jp/cgi-bin/scat.rb/ruby/ruby-core/2346
+        BasicSocket.do_not_reverse_lookup = true
+      end
+    end
+  end
+
+  # new sockets coming out of socket.accept will have the given options set
+  def self.set_options_on_accept_sockets(socket, options)
+    socket.instance_variable_set :@rtunnel_factory_options, options
+    def socket.accept(*args)
+      sock, addr = super
+      RTunnel::SocketFactory.set_options sock, @rtunnel_factory_options
+      return sock, addr
+    end
+  end
+  
+  def self.socket(options = {})    
+    s = new_socket options
+    set_options s, options
+    if inbound? options
+      bind s, options    
+      set_options_on_accept_sockets s, options
+    else
+      connect s, options
+    end
+    s
+  end
+  
+  def socket(options = {})
+    RTunnel::SocketFactory.socket(options)
+  end  
+end

data/lib/rtunnel.rb

@@ -0,0 +1,20 @@
+module RTunnel  
+end
+
+require 'rtunnel/core.rb'
+require 'rtunnel/io_extensions.rb'
+require 'rtunnel/socket_factory.rb'
+require 'rtunnel/frame_protocol.rb'
+
+require 'rtunnel/commands.rb'
+require 'rtunnel/command_processor.rb'
+require 'rtunnel/command_protocol.rb'
+require 'rtunnel/connection_id.rb'
+require 'rtunnel/crypto.rb'
+
+require 'rtunnel/client.rb'
+require 'rtunnel/leak.rb'
+require 'rtunnel/server.rb'
+
+require 'rtunnel/rtunnel_client_cmd.rb'
+require 'rtunnel/rtunnel_server_cmd.rb'

data/rtunnel.gemspec

@@ -0,0 +1,51 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{rtunnel}
+  s.version = "0.4.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["coderrr"]
+  s.date = %q{2009-01-26}
+  s.description = %q{Reverse tunnel server and client.}
+  s.email = %q{coderrr.contact@gmail.com}
+  s.executables = ["rtunnel_client", "rtunnel_server"]
+  s.extra_rdoc_files = ["CHANGELOG", "LICENSE", "README.markdown", "bin/rtunnel_client", "bin/rtunnel_server", "lib/rtunnel.rb", "lib/rtunnel/client.rb", "lib/rtunnel/command_protocol.rb", "lib/rtunnel/commands.rb", "lib/rtunnel/core.rb", "lib/rtunnel/crypto.rb", "lib/rtunnel/frame_protocol.rb", "lib/rtunnel/io_extensions.rb", "lib/rtunnel/leak.rb", "lib/rtunnel/rtunnel_client_cmd.rb", "lib/rtunnel/rtunnel_server_cmd.rb", "lib/rtunnel/server.rb", "lib/rtunnel/socket_factory.rb", "lib/rtunnel/connection_id.rb", "lib/rtunnel/command_processor.rb"]
+  s.files = ["CHANGELOG", "LICENSE", "Manifest", "README.markdown", "Rakefile", "bin/rtunnel_client", "bin/rtunnel_server", "lib/rtunnel.rb", "lib/rtunnel/client.rb", "lib/rtunnel/command_protocol.rb", "lib/rtunnel/commands.rb", "lib/rtunnel/core.rb", "lib/rtunnel/crypto.rb", "lib/rtunnel/frame_protocol.rb", "lib/rtunnel/io_extensions.rb", "lib/rtunnel/leak.rb", "lib/rtunnel/rtunnel_client_cmd.rb", "lib/rtunnel/rtunnel_server_cmd.rb", "lib/rtunnel/server.rb", "lib/rtunnel/socket_factory.rb", "lib/rtunnel/connection_id.rb", "lib/rtunnel/command_processor.rb", "spec/client_spec.rb", "spec/cmds_spec.rb", "spec/integration_spec.rb", "spec/server_spec.rb", "spec/spec_helper.rb", "test/command_stubs.rb", "test/protocol_mocks.rb", "test/scenario_connection.rb", "test/test_client.rb", "test/test_command_protocol.rb", "test/test_commands.rb", "test/test_crypto.rb", "test/test_frame_protocol.rb", "test/test_io_extensions.rb", "test/test_server.rb", "test/test_socket_factory.rb", "test/test_tunnel.rb", "test/test_connection_id.rb", "test_data/known_hosts", "test_data/ssh_host_rsa_key", "test_data/random_rsa_key", "test_data/ssh_host_dsa_key", "test_data/authorized_keys2", "tests/_ab_test.rb", "tests/_stress_test.rb", "tests/lo_http_server.rb", "rtunnel.gemspec"]
+  s.has_rdoc = true
+  s.homepage = %q{http://github.com/coderrr/rtunnel}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Rtunnel", "--main", "README.markdown"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{coderrr}
+  s.rubygems_version = %q{1.3.1}
+  s.summary = %q{Reverse tunnel server and client.}
+  s.test_files = ["test/test_commands.rb", "test/test_frame_protocol.rb", "test/test_connection_id.rb", "test/test_tunnel.rb", "test/test_socket_factory.rb", "test/test_client.rb", "test/test_crypto.rb", "test/test_io_extensions.rb", "test/test_command_protocol.rb", "test/test_server.rb"]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 2
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<eventmachine>, [">= 0.12.2"])
+      s.add_runtime_dependency(%q<net-ssh>, [">= 2.0.4"])
+      s.add_development_dependency(%q<echoe>, [">= 3.0.1"])
+      s.add_development_dependency(%q<rspec>, [">= 1.1.11"])
+      s.add_development_dependency(%q<simple-daemon>, [">= 0.1.2"])
+      s.add_development_dependency(%q<thin>, [">= 1.0.0"])
+    else
+      s.add_dependency(%q<eventmachine>, [">= 0.12.2"])
+      s.add_dependency(%q<net-ssh>, [">= 2.0.4"])
+      s.add_dependency(%q<echoe>, [">= 3.0.1"])
+      s.add_dependency(%q<rspec>, [">= 1.1.11"])
+      s.add_dependency(%q<simple-daemon>, [">= 0.1.2"])
+      s.add_dependency(%q<thin>, [">= 1.0.0"])
+    end
+  else
+    s.add_dependency(%q<eventmachine>, [">= 0.12.2"])
+    s.add_dependency(%q<net-ssh>, [">= 2.0.4"])
+    s.add_dependency(%q<echoe>, [">= 3.0.1"])
+    s.add_dependency(%q<rspec>, [">= 1.1.11"])
+    s.add_dependency(%q<simple-daemon>, [">= 0.1.2"])
+    s.add_dependency(%q<thin>, [">= 1.0.0"])
+  end
+end

data/spec/client_spec.rb

@@ -0,0 +1,47 @@
+require File.dirname(__FILE__) + '/spec_helper'
+
+require 'client'
+
+include RTunnel
+describe RTunnel::Client, "addresses" do
+  def o(opts)
+    {:control_address => 'x.com', :remote_listen_address => '5555', :tunnel_to_address => '6666'}.merge opts
+  end
+
+  before :all do
+    String.class_eval do
+      alias_method :orig_replace_with_ip!, :replace_with_ip!
+      define_method :replace_with_ip! do
+        self
+      end
+    end
+  end
+
+  after :all do
+    String.class_eval do
+      alias_method :replace_with_ip!, :orig_replace_with_ip!
+    end
+  end
+
+  it "should use default control port if not specified" do
+    Client.new(o :control_address => 'asdf.net').
+      instance_eval { @control_address }.should == "asdf.net:#{DEFAULT_CONTROL_PORT}"
+
+    Client.new(o :control_address => 'asdf.net:1234').
+      instance_eval { @control_address }.should == "asdf.net:1234"
+  end
+
+  it "should use 0.0.0.0 for remote listen host if not specified" do
+    Client.new(o :control_address => 'asdf.net:1234', :remote_listen_address => '8888').
+      instance_eval { @remote_listen_address }.should == '0.0.0.0:8888'
+
+    Client.new(o :control_address => 'asdf.net:1234', :remote_listen_address => 'ip2.asdf.net:8888').
+      instance_eval { @remote_listen_address }.should == 'ip2.asdf.net:8888'
+  end
+
+  it "should use localhost for tunnel to address if not specified" do
+    Client.new(o :tunnel_to_address => '5555').
+      instance_eval { @tunnel_to_address }.should == 'localhost:5555'
+  end
+
+end