smart-proxy-probing 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 185729a0fc727a5a017e0b3385c50a06fb83b8119f5023a236786ad9a6806a8c
-  data.tar.gz: 5216379a6a039da619eac04e5935e493b823937afc31de2513e1988244b31a71
+  metadata.gz: bd8c5984e72b14774fe2b627c2a07e753a0b0b88bd5f2c4836a66398e3c7b32b
+  data.tar.gz: 71953520137a94e049ec1f9ad236b44accb7e0e434e1f7fee55638c14ab513a6
 SHA512:
-  metadata.gz: 1180fa725e16714890f57c167481ee0b027508d51cca1fb4551c7407687bf699e6625bb1ea5d0a3c7bc0366c49d0a0c0fed9df2b4a030d2ec77e82f0eecf6c2c
-  data.tar.gz: 889b2087a16d63200c0de287ee47f10e98b91a3d7e44dc71adb4d1473bc2fca747bb83ed88bef13a2635a6077315d4513ce311b9439d6c85713a7e627932c204
+  metadata.gz: 4d7830b23cb0d0ef2c0e3e995c5a0c23061cad916b6e479dda40e7356e966fbd99df946b0782c4b2884c556d32eee36775f1773d39ab31ac728de63b1adb61f8
+  data.tar.gz: 8530255a7c8b79b5f8a038a7cfa4c32619322b8ff0510f894499f3456ec27fb377aa84901cdab8d95556e23193ef0aa6f2bfc3cfcdef80132c395232d095c913

data/lib/smart-proxy-probing/actions/use_probe.rb

@@ -0,0 +1,79 @@
+require 'smart_proxy_dynflow/runner'
+require 'smart_proxy_dynflow/runner/command_runner'
+
+module Proxy::Probing
+  module Actions
+    class CommandRunner < Proxy::Dynflow::Runner::CommandRunner
+      def initialize(*command)
+        super
+        @command = command
+      end
+
+      def start
+        initialize_command(*@command)
+      end
+    end
+
+    class UseProbe < Proxy::Dynflow::Action::Runner
+      def initiate_runner
+        if input.fetch('options', {})['subnet_discovery']
+          input['local_addresses'] = get_local_addrs
+          input['targets'] = input['local_addresses'].keys
+        end
+        output[:targets] = input[:targets]
+        output[:local_addresses] = input[:local_addresses] if input.key? :local_addresses
+        CommandRunner.new(*probe.command)
+      end
+
+      def finish_run(update)
+        super
+        output[:facts] = process_output(output[:result])
+        output.delete(:result)
+      end
+
+      private
+
+      def process_output(output)
+        stdout, stderr = output.partition { |out| out[:output_type] == 'stdout' }
+        if stderr.any?
+          raise stderr.map { |out| out[:output] }.join('')
+        else
+          output = stdout.map { |out| out[:output] }.join('')
+          probe.parse_result(output)
+        end
+      end
+
+      def probe
+        @probe ||= probe_class.new(input[:targets],
+                                   input[:ports],
+                                   input[:options])
+      end
+
+      def probe_class
+        case input[:scan_type].downcase
+        when 'tcp'
+          Proxy::Probing::Probes::TCP
+        when 'udp'
+          Proxy::Probing::Probes::UDP
+        when 'icmp'
+          Proxy::Probing::Probes::ICMP
+        else
+          raise "Unknown scan_type '#{input[:scan_type]}'"
+        end
+      end
+
+      def get_local_addrs
+        locals = Socket.getifaddrs.select { |ifaddr| ifaddr.addr && ifaddr.addr.ipv4_private? }
+        locals.reduce({}) do |acc, ifaddr|
+          # TODO: This is ugly
+          cidr = 32 - ifaddr.netmask.ip_address.to_i.to_s(2).count('1')
+
+          acc.merge("#{ifaddr.addr.ip_address}/#{cidr}" => { :addr => ifaddr.addr.ip_address,
+                                                             :netmask => ifaddr.netmask.ip_address,
+                                                             :cidr => cidr })
+        end
+      end
+
+    end
+  end
+end

data/lib/smart-proxy-probing/actions.rb

@@ -0,0 +1,7 @@
+require 'dynflow'
+
+module Proxy::Probing
+  module Actions
+    require 'smart-proxy-probing/actions/use_probe'
+  end
+end

data/lib/smart-proxy-probing/neighbour_cache.rb

@@ -0,0 +1,34 @@
+module Proxy::Probing
+  class NeighbourCache
+    def initialize
+      @cache = []
+    end
+
+    def ips_for_mac(mac)
+      @cache.select { |record| record['lladdr'] == mac }.map { |record| record[:ip] }
+    end
+
+    def mac_for_ip(ip)
+      @cache.select { |record| record[:ip] == ip }.map { |record| record['lladdr'] }.first
+    end
+
+    def cache!
+      @cache = `ip neigh show`.lines.map do |line|
+        fields = line.chomp.split(/\s+/)
+        hash = { :ip => fields.shift }
+        fields.each_slice(2) do |k, v|
+          if v
+            hash[k] = v
+          else
+            hash[:state] = k
+          end
+        end
+        hash
+      end
+    end
+
+    def clean!
+      @cache = {}
+    end
+  end
+end

data/lib/smart-proxy-probing/plugin.rb

@@ -8,12 +8,13 @@ module Proxy
         require 'smart_proxy_dynflow'
         require 'smart-proxy-probing/version'
 
-        begin
-          require 'smart_proxy_dynflow_core'
-          require 'foreman-probing-core'
-        rescue LoadError; end
-      end
+        require 'dynflow'
 
+        require 'smart_proxy_dynflow/runner'
+        require 'smart-proxy-probing/actions'
+        require 'smart-proxy-probing/neighbour_cache'
+        require 'smart-proxy-probing/probes'
+      end
     end
   end
 end

data/lib/smart-proxy-probing/probes/abstract.rb

@@ -0,0 +1,29 @@
+module Proxy::Probing
+  module Probes
+    class Abstract
+      class << self
+        def scan_type
+          raise NotImplementedError
+        end
+
+        def humanized_scan_type
+          raise NotImplementedError
+        end
+      end
+
+      def initialize(hosts, ports = [], options = {})
+        @hosts   = Array(hosts)
+        @ports   = Array(ports)
+        @options = options
+      end
+
+      def command
+        raise NotImplementedError
+      end
+
+      def parse_result(string)
+        raise NotImplementedError
+      end
+    end
+  end
+end

data/lib/smart-proxy-probing/probes/icmp.rb

@@ -0,0 +1,18 @@
+module Proxy::Probing
+  module Probes
+    class ICMP < Nmap
+      def self.scan_type
+        'icmp'
+      end
+
+      def self.humanized_scan_type
+        'ICMP'
+      end
+
+      def nmap_flags
+        %w(-sn)
+      end
+    end
+  end
+end
+

data/lib/smart-proxy-probing/probes/nmap.rb

@@ -0,0 +1,95 @@
+require 'ipaddr'
+require 'open3'
+require 'nmap/xml'
+
+module Proxy::Probing
+  module Probes
+    class Nmap < Abstract
+      def command
+        sudo_prefix = self.class.scan_type == 'udp' ? ['sudo'] : []
+        [sudo_prefix, 'nmap', nmap_ipv6_flag, nmap_arguments, nmap_flags, hosts, with_ports(@ports)].flatten
+      end
+
+      # By default just return whatever is passed in
+      # Can be used as an extension point
+      def parse_result(xml)
+        xml_to_hash(xml)
+      end
+
+      private
+      
+      def hosts
+        @hosts.map(&:to_s)
+      end
+
+      def nmap_flags
+        raise NotImplementedError
+      end
+
+      def nmap_arguments
+        %w(-oX -)
+      end
+
+      def nmap_ipv6_flag
+        IPAddr.new(@hosts.first).ipv6? ? '-6' : ''
+      end
+
+      def xml_to_hash(output)
+        xml = ::Nmap::XML.parse(output)
+        xml.hosts.map do |host|
+          ports = host.ports.reduce({}) do |acc, port|
+            service = %w(confidence extra_info fingerprint hostname protocol product version).reduce({}) do |in_acc, key|
+              in_acc.merge(key => port.service.public_send(key.to_sym))
+            end
+            service[:ssl] = port.service.ssl?
+            service[:method] = port.service.fingerprint_method
+            record = {
+                      port.number =>
+                        {
+                         :service => { port.service.name => service },
+                         :state => port.state,
+                         :reason => port.reason,
+                         :scripts => port.scripts
+                        }
+                     }
+            acc.merge(port.protocol => acc.fetch(port.protocol, {}).merge(record))
+          end
+          {
+           :_type     => :foreman_probing,
+           :addresses => factify_addresses(lookup_addresses(host.addresses.map(&:to_h))),
+           :hostnames => host.hostnames.map(&:to_h),
+           :ports     => ports,
+           :status    => host.status.to_h
+          }
+        end
+      end
+
+      def with_ports(ports)
+        return '' if ports.empty? || nmap_flags.include?("-sn")
+        "-p #{ports.join(',')}"
+      end
+
+      def factify_addresses(addresses)
+        addresses.reduce({}) do |acc, address|
+          type = address.delete(:type)
+          addr = address.delete(:addr)
+          acc.update(type => { addr => address })
+        end
+      end
+
+      def lookup_addresses(addresses)
+        @neighbour_cache ||= Proxy::Probing::NeighbourCache.new.tap(&:cache!)
+        ips = addresses.map { |address| address[:addr] }
+        macs = ips.map do |ip|
+          @neighbour_cache.mac_for_ip(ip)
+        end.compact
+        new_ips = macs.map do |mac|
+          @neighbour_cache.ips_for_mac(mac).select { |ip| !ips.include? ip }.map do |ip|
+            { :type => IPAddr.new(ip).ipv4? ? 'ipv4' : 'ipv6', :addr => ip, :vendor => nil }
+          end
+        end
+        addresses + new_ips.flatten + macs.flatten.map { |mac| { :type => 'hwaddr', :addr => mac, :vendor => nil } }
+      end
+    end
+  end
+end

data/lib/smart-proxy-probing/probes/tcp.rb

@@ -0,0 +1,19 @@
+module Proxy::Probing
+  module Probes
+    class TCP < Nmap
+      def self.scan_type
+        'tcp'
+      end
+
+      def self.humanized_scan_type
+        _('TCP')
+      end
+
+      def nmap_flags
+        # Use TCP connect scan with service detection
+        %w(-sT -sV -T4 -A)
+      end
+    end
+  end
+end
+

data/lib/smart-proxy-probing/probes/udp.rb

@@ -0,0 +1,19 @@
+module Proxy::Probing
+  module Probes
+    class UDP < Nmap
+      def self.scan_type
+        'udp'
+      end
+
+      def self.humanized_scan_type
+        _('UDP')
+      end
+
+      def nmap_flags
+        # Use UDP scan with service detection
+        %w(-sU -sV)
+      end
+    end
+  end
+end
+

data/lib/smart-proxy-probing/probes.rb

@@ -0,0 +1,9 @@
+module Proxy::Probing
+  module Probes
+    require 'smart-proxy-probing/probes/abstract'
+    require 'smart-proxy-probing/probes/nmap'
+    require 'smart-proxy-probing/probes/tcp'
+    require 'smart-proxy-probing/probes/udp'
+    require 'smart-proxy-probing/probes/icmp'
+  end
+end

data/lib/smart-proxy-probing/version.rb

@@ -1,5 +1,5 @@
 module Proxy
   module Probing
-    VERSION = '0.0.3'
+    VERSION = '0.0.4'
   end
 end

data/lib/smart-proxy-probing.rb

@@ -2,9 +2,23 @@ require 'smart_proxy_dynflow'
 
 module Proxy
   module Probing
-
     require 'smart-proxy-probing/version'
     require 'smart-proxy-probing/plugin'
 
+    class << self
+      def use_nmap?
+        # TODO:
+        # Settings.nmap_enabled &&
+        nmap_available?
+      end
+
+      def nmap_available?
+        return @nmap_available unless @nmap_available.nil?
+        `nmap`
+        @nmap_available = true
+      rescue Errno::ENOENT
+        @nmap_available = false
+      end
+    end
   end
 end

metadata

@@ -1,29 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: smart-proxy-probing
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
 platform: ruby
 authors:
 - Adam Ruzicka
 autorequire:
 bindir: bin
 cert_chain: []
-date: 1980-01-01 00:00:00.000000000 Z
+date: 2021-10-21 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: ruby-nmap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
 - !ruby/object:Gem::Dependency
   name: smart_proxy_dynflow
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.5'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.1'
+        version: '0.5'
 description: "    Gem to allow probing through smart-proxy\n"
 email:
 - aruzicka@redhat.com
@@ -33,9 +47,17 @@ extra_rdoc_files:
 - LICENSE
 files:
 - LICENSE
-- bundler.plugins.d/probing.rb
 - lib/smart-proxy-probing.rb
+- lib/smart-proxy-probing/actions.rb
+- lib/smart-proxy-probing/actions/use_probe.rb
+- lib/smart-proxy-probing/neighbour_cache.rb
 - lib/smart-proxy-probing/plugin.rb
+- lib/smart-proxy-probing/probes.rb
+- lib/smart-proxy-probing/probes/abstract.rb
+- lib/smart-proxy-probing/probes/icmp.rb
+- lib/smart-proxy-probing/probes/nmap.rb
+- lib/smart-proxy-probing/probes/tcp.rb
+- lib/smart-proxy-probing/probes/udp.rb
 - lib/smart-proxy-probing/version.rb
 - settings.d/probing.yml.example
 homepage: https://github.com/adamruzicka/smart-proxy-probing

data/bundler.plugins.d/probing.rb

@@ -1 +0,0 @@
-gem 'smart-proxy-probing'