RubyGems - snxvpn - Versions diffs - 0.1.0 → 0.1.1 - Mend

snxvpn 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7ebfddca82d495bb99a638e2a8e0bb797cb99295b13ffacfd552254ff1480e93
-  data.tar.gz: 7f2d3fc406c4fead8ae9f0853d1141bcc45593b3ddaa0033d7be3b6502e5f08f
+  metadata.gz: c5a236667c5ac56a6d62ce31f2b7542fa191bc02b5da9d128ce2ef34f960f936
+  data.tar.gz: 2d21393ea95878e147fd7f7716f791ae0987e9e3074589084440e8fabb980019
 SHA512:
-  metadata.gz: 253421610acda74b6f0324fc49e5db3ded94d90f6a5b54809f654ef778a1f9dc67046e26f64799ce2e3e8159977207b74e95ec3ec793cb948f22828817d3daa5
-  data.tar.gz: c9eb6ce4e680b45fea302e24ec83ea0c56714963ea093187a0d1451c04ddcef76ad066a533b7f675e0493abe4a0a229ef2470999e5cec54c8955efa50bef2de5
+  metadata.gz: 1d377b517ca04c53eaed0baa5d9109d36775e1bd6e907ae6c8fa38a59d208fcfbdbd4bf78cad840d4e003ec00755c78c122250ad1d96894db34311b8a35f58d4
+  data.tar.gz: 2f6f07413208739239ae042e3b25d0b5080b71cc6e5623b1ea5609dd91a612cd5994b63680310d041d83ad5808fc81161839c1af937bda57333be94310036bc7

data/bin/snxvpn CHANGED Viewed

@@ -2,233 +2,14 @@
 $stderr.sync = true
-require 'yaml'
-require 'optparse'
-require 'net/http'
-require 'logger'
-require 'openssl'
-require 'base64'
-require 'socket'
-require 'ipaddr'
-require 'open3'
-class RetryableError < StandardError; end
-class FunkyRSA < OpenSSL::PKey::RSA
-  def initialize(mod, exp)
-    pubkey = create_encoded_pubkey_from([mod].pack("H*"), [exp].pack("H*"))
-    hexkey = [pubkey].pack("H*")
-    pemkey =  "-----BEGIN RSA PUBLIC KEY-----\n#{Base64.encode64 hexkey}-----END RSA PUBLIC KEY-----"
-    super(pemkey)
-  end
-  def hex_encrypt(s)
-    public_encrypt(s).reverse.unpack("H*").first
-  end
-  private
-  def create_encoded_pubkey_from(rawmod, rawexp)
-    modulus_hex = prepad_signed(rawmod.unpack('H*').first)
-    exponent_hex = prepad_signed(rawexp.unpack('H*').first)
-    modlen = modulus_hex.length / 2
-    explen = exponent_hex.length / 2
-    encoded_modlen = encode_length_hex(modlen)
-    encoded_explen = encode_length_hex(explen)
-    full_hex_len = modlen + explen + encoded_modlen.length/2 + encoded_explen.length/2 + 2
-    encoded_hex_len = encode_length_hex(full_hex_len)
-    "30#{encoded_hex_len}02#{encoded_modlen}#{modulus_hex}02#{encoded_explen}#{exponent_hex}"
-  end
-  def prepad_signed(hex)
-    msb = hex[0]
-    (msb < '0' || msb > '7') ? "00#{hex}" : hex
-  end
-  def encode_length_hex(der_len) # encode ASN.1 DER length field
-    return int_to_hex(der_len) if der_len <= 127
-    hex = int_to_hex(der_len)
-    size = 128 + hex.length/2
-    "#{int_to_hex(size)}#{hex}"
-  end
-  def int_to_hex(num)
-    hex = num.to_s(16)
-    hex.length.odd? ? "0#{hex}" : hex
-  end
-end
-class Runner
-  ENTRY_PATH = '/SNX/Portal/Main'.freeze
-  DEFAULTS = {
-    'realm'      => 'ssl_vpn',
-    'login_type' => 'Standard',
-    'username'   => 'anonymous',
-    'password'   => 'secret',
-    'snxpath'    => 'snx',
-  }.freeze
-  def initialize(profile, config_path: File.join(ENV['HOME'], '.snxvpn'))
-    stat = File.stat(config_path)
-    raise ArgumentError, "#{config_path} is not owned by #{ENV['USER']}" unless stat.owned?
-    raise ArgumentError, "#{config_path} mode must be 600" if stat.world_readable? || stat.world_writable?
-    raw_config = YAML.load_file(config_path)
-    raise ArgumentError, "#{config_path} contains invalid config" unless raw_config.is_a?(Hash)
-    @config = if profile
-      raise ArgumentError, "Unable to find configuration for profile '#{profile}'" unless raw_config.key?(profile)
-      DEFAULTS.merge(raw_config[profile])
-    elsif raw_config.size == 1
-      DEFAULTS.merge(raw_config.values.first)
-    else
-      raise ArgumentError, 'No profile selected'
-    end
-    @http = Net::HTTP.new(@config['host'], 443)
-    @http.use_ssl = true
-    @cookies = ["selected_realm=#{@config['realm']}"]
-  end
-  def run(retries = 10)
-    # find RSA.js
-    resp       = get(ENTRY_PATH)
-    rsa_path   = resp.body.match(/<script .*?src *\= *["'](.*RSA.js)["']/).to_a[1]
-    raise RetryableError, "Unable to detect a RSA.js script reference on login page" unless rsa_path
-    # store paths
-    login_path = resp.uri
-    rsa_path   = File.expand_path(rsa_path, File.dirname(login_path))
-    # fetch RSA.js and scan modulus and exponent
-    body     = get(rsa_path).body
-    modulus  = body.match(/var *modulus *\= *\'(\w+)\'/).to_a[1]
-    exponent = body.match(/var *exponent *\= *\'(\w+)\'/).to_a[1]
-    raise RetryableError "Unable to detect modulus/exponent in RSA.js script" unless modulus && exponent
-    # build RSA
-    rsa = FunkyRSA.new(modulus, exponent)
-    # post to login
-    resp = post(login_path,
-      password: rsa.hex_encrypt(@config['password']),
-      userName: @config['username'],
-      selectedRealm: @config['realm'],
-      loginType: @config['login_type'],
-      HeightData: '',
-      vpid_prefix: '',
-    )
-    raise RetryableError, "Expected redirect to multi-challenge, but got #{resp.uri}" unless resp.uri.include?('MultiChallenge')
-    # request OTP until successful
-    while resp.uri.include?('MultiChallenge')
-      inputs  = resp.body.scan(/<input.*?type="hidden".*?name="(username|params|HeightData)"(?:.*?value="(.+?)")?/)
-      payload = Hash[inputs]
-      print " + Enter one-time password: "
-      otp  = gets.strip
-      payload['password'] = rsa.hex_encrypt(otp)
-      resp = post(resp.uri, payload)
-    end
-    # request extender info
-    resp   = get("/SNX/extender")
-    extinf = Hash[resp.body.scan(/Extender.(\w+) *= *"(.*?)" *;/)]
-    raise RetryableError, "Unable to retrieve extender information" if extinf.empty?
-    host_ip = IPAddr.new(IPSocket.getaddress(extinf['host_name']))
-    snxinf  = [
-      "\x13\x11\x00\x00".encode('binary'),  # 4-byte magic
-      [976].pack('L<'),                     # 4-byte data length
-      [host_ip.to_i].pack('L<'),            # 4-byte host IP
-      extinf['host_name'].encode('binary').ljust(64, "\0"), # 64 bytes
-      [extinf['port'].to_i].pack('L<'),     # 4-byte port
-      ''.encode('binary').ljust(6, "\0"),   # 6-bytes blank
-      extinf['server_cn'].encode('binary').ljust(256, "\0"), # 256 bytes
-      extinf['user_name'].encode('binary').ljust(256, "\0"), # 256 bytes
-      extinf['password'].encode('binary').ljust(128, "\0"),  # 128 bytes
-      extinf['server_fingerprint'].encode('binary').ljust(256, "\0"), # 256 bytes
-      "\x01\x00".encode('binary'), # 2 bytes
-    ].join
-    output, status = Open3.capture2('snx', '-Z')
-    raise RetryableError, "Unable to start snx: #{output}" unless status.success?
-    Socket.tcp("127.0.0.1", 7776) do |sock|
-      sock.write(snxinf)
-      sock.recv(4096) # read answer
-      puts " = Connected! Please leave this running to keep VPN open."
-      sock.recv(4096) # block until snx process dies
-    end
-    puts " ! Connection closed. Exiting..."
-  rescue RetryableError
-    raise if retries < 1
-    puts " ! #{e.message}. Retrying..."
-    sleep 1
-    run(retries - 1)
-  end
-  private
-  def post(path, payload)
-    resp = @http.post(path, URI.encode_www_form(payload), headers)
-    handle_response(path, resp)
-    case resp
-    when Net::HTTPSuccess then
-      resp
-    when Net::HTTPRedirection then
-      get(resp['location'])
-    else
-      raise "unexpected response from POST #{path} - #{resp.code} #{resp.message}"
-    end
-  end
-  def get(path, retries = 10)
-    raise ArgumentError, 'too many HTTP redirects' if retries.zero?
-    resp = @http.get(path, headers)
-    handle_response(path, resp)
-    case resp
-    when Net::HTTPSuccess then
-      resp
-    when Net::HTTPRedirection then
-      get(resp['location'], retries - 1)
-    when Net::HTTPNotFound then
-      raise "unexpected response from GET #{path} - #{resp.code} #{resp.message}" unless path.include?(ENTRY_PATH)
-      resp
-    else
-      raise "unexpected response from GET #{path} - #{resp.code} #{resp.message}"
-    end
-  end
-  def headers
-    {'Cookie' => @cookies.join('; ')} unless @cookies.empty?
-  end
-  def handle_response(path, resp)
-    resp.uri = path
-    @cookies += Array(resp.get_fields('set-cookie')).map do |str|
-      str.split('; ')[0]
-    end
-    @cookies.uniq!
-  end
-end
+require 'snxvpn'
 begin
-  Runner.new(ARGV[0]).run
+  Snxvpn::CLI.new(ARGV[0]).run
 rescue OpenSSL::SSL::SSLError => e
   abort " ! #{e.message}. Are you already connected to the VPN?"
 rescue StandardError => e
   abort " ! #{e.message}. Exiting..."
+rescue SignalException => e
+  abort " ! Received #{e.class}. Exiting..."
 end if $0 == __FILE__

data/lib/snxvpn.rb ADDED Viewed

@@ -0,0 +1,17 @@
+require 'yaml'
+require 'optparse'
+require 'net/http'
+require 'logger'
+require 'openssl'
+require 'base64'
+require 'socket'
+require 'ipaddr'
+require 'open3'
+module Snxvpn
+  class RetryableError < ::StandardError; end
+end
+%w|config ext_info rsa cli|.each do |name|
+  require "snxvpn/#{name}"
+end

data/lib/snxvpn/cli.rb ADDED Viewed

@@ -0,0 +1,129 @@
+require 'yaml'
+require 'optparse'
+require 'net/http'
+require 'logger'
+require 'openssl'
+require 'base64'
+require 'socket'
+require 'ipaddr'
+require 'open3'
+module Snxvpn
+  class CLI
+    attr_reader :config, :http
+    def initialize(profile, config_path: File.join(ENV['HOME'], '.snxvpn'))
+      @config = Config.new(config_path, profile)
+      @http = Net::HTTP.new(@config[:host], 443)
+      @http.use_ssl = true
+      @cookies = ["selected_realm=#{@config[:realm]}"]
+    end
+    def run(retries = 10)
+      # find RSA.js
+      resp       = get(config[:entry_path])
+      rsa_path   = resp.body.match(/<script .*?src *\= *["'](.*RSA.js)["']/).to_a[1]
+      raise RetryableError, "Unable to detect a RSA.js script reference on login page" unless rsa_path
+      # store paths
+      login_path = resp.uri
+      rsa_path   = File.expand_path(rsa_path, File.dirname(login_path))
+      # fetch RSA.js and parse RSA
+      rsa  = RSA.parse(get(rsa_path).body)
+      raise RetryableError "Unable to detect modulus/exponent in RSA.js script" unless rsa
+      # post to login
+      resp = post(login_path,
+        password: rsa.hex_encrypt(config[:password]),
+        userName: config[:username],
+        selectedRealm: config[:realm],
+        loginType: config[:login_type],
+        HeightData: '',
+        vpid_prefix: '',
+      )
+      raise RetryableError, "Expected redirect to multi-challenge, but got #{resp.uri}" unless resp.uri.include?('MultiChallenge')
+      # request OTP until successful
+      inputs  = resp.body.scan(/<input.*?type="hidden".*?name="(username|params|HeightData)"(?:.*?value="(.+?)")?/)
+      payload = Hash[inputs]
+      while resp.uri.include?('MultiChallenge')
+        print " + Enter one-time password: "
+        otp  = gets.strip
+        payload['password'] = rsa.hex_encrypt(otp)
+        resp = post(resp.uri, payload)
+      end
+      # request extender info
+      ext_info = ExtInfo.new get("/SNX/extender").body
+      raise RetryableError, "Unable to retrieve extender information" if ext_info.empty?
+      output, status = Open3.capture2(config[:snx_path], '-Z')
+      raise RetryableError, "Unable to start snx: #{output}" unless status.success?
+      Socket.tcp('127.0.0.1', 7776) do |sock|
+        sock.write(ext_info.payload)
+        sock.recv(4096) # read answer
+        puts ' = Connected! Please leave this running to keep VPN open.'
+        sock.recv(4096) # block until snx process dies
+      end
+      puts ' ! Connection closed. Exiting...'
+    rescue RetryableError
+      raise if retries < 1
+      puts ' ! #{e.message}. Retrying...'
+      sleep 1
+      run(retries - 1)
+    end
+    private
+    def get(path, retries = 10)
+      raise ArgumentError, 'too many HTTP redirects' if retries.zero?
+      resp = @http.get(path, headers)
+      handle_response(path, resp)
+      case resp
+      when Net::HTTPSuccess then
+        resp
+      when Net::HTTPRedirection then
+        get(resp['location'], retries - 1)
+      when Net::HTTPNotFound then
+        raise "unexpected response from GET #{path} - #{resp.code} #{resp.message}" unless path.include?(config[:entry_path])
+        resp
+      else
+        raise "unexpected response from GET #{path} - #{resp.code} #{resp.message}"
+      end
+    end
+    def post(path, payload)
+      resp = @http.post(path, URI.encode_www_form(payload), headers)
+      handle_response(path, resp)
+      case resp
+      when Net::HTTPSuccess then
+        resp
+      when Net::HTTPRedirection then
+        get(resp['location'])
+      else
+        raise "unexpected response from POST #{path} - #{resp.code} #{resp.message}"
+      end
+    end
+    def headers
+      {'Cookie' => @cookies.join('; ')} unless @cookies.empty?
+    end
+    def handle_response(path, resp)
+      resp.uri = path
+      @cookies += Array(resp.get_fields('set-cookie')).map do |str|
+        str.split('; ')[0]
+      end
+      @cookies.uniq!
+    end
+  end
+end

data/lib/snxvpn/config.rb ADDED Viewed

@@ -0,0 +1,37 @@
+module Snxvpn
+  class Config < Hash
+    DEFAULTS = {
+      'realm'      => 'ssl_vpn',
+      'login_type' => 'Standard',
+      'username'   => 'anonymous',
+      'password'   => 'secret',
+      'snx_path'   => 'snx',
+      'entry_path' => '/SNX/Portal/Main',
+    }.freeze
+    def initialize(path, profile = nil)
+      stat = File.stat(path)
+      raise ArgumentError, "#{path} is not owned by the current user" unless stat.owned?
+      raise ArgumentError, "#{path} mode must be 600" if stat.world_readable? || stat.world_writable?
+      raw = YAML.load_file(path)
+      raise ArgumentError, "#{path} contains invalid config" unless raw.is_a?(Hash)
+      update DEFAULTS
+      if profile
+        raise ArgumentError, "Unable to find configuration for profile '#{profile}'" unless raw.key?(profile)
+        update raw[profile]
+      elsif raw.size == 1
+        update raw.values.first
+      else
+        raise ArgumentError, 'No profile selected'
+      end
+    end
+    def [](key)
+      super(key.to_s)
+    end
+  end
+end

data/lib/snxvpn/ext_info.rb ADDED Viewed

@@ -0,0 +1,28 @@
+module Snxvpn
+  class ExtInfo < Hash
+    def initialize(body)
+      update Hash[body.scan(/Extender.(\w+) *= *"(.*?)" *;/)]
+    end
+    def payload
+      host_ip = IPAddr.new(IPSocket.getaddress(self['host_name']))
+      snxinf  = [
+        "\x13\x11\x00\x00".encode('binary'),  # 4-byte magic
+        [976].pack('L<'),                     # 4-byte data length
+        [host_ip.to_i].pack('L<'),            # 4-byte host IP
+        self['host_name'].encode('binary').ljust(64, "\0"), # 64 bytes
+        [self['port'].to_i].pack('L<'),     # 4-byte port
+        ''.encode('binary').ljust(6, "\0"),   # 6-bytes blank
+        self['server_cn'].encode('binary').ljust(256, "\0"), # 256 bytes
+        self['user_name'].encode('binary').ljust(256, "\0"), # 256 bytes
+        self['password'].encode('binary').ljust(128, "\0"),  # 128 bytes
+        self['server_fingerprint'].encode('binary').ljust(256, "\0"), # 256 bytes
+        "\x01\x00".encode('binary'), # 2 bytes
+      ].join
+    end
+  end
+end

data/lib/snxvpn/rsa.rb ADDED Viewed

@@ -0,0 +1,57 @@
+module Snxvpn
+  class RSA < OpenSSL::PKey::RSA
+    def self.parse(body)
+      mod = body.match(/var *modulus *\= *\'(\w+)\'/).to_a[1]
+      exp = body.match(/var *exponent *\= *\'(\w+)\'/).to_a[1]
+      new(mod, exp) if mod && exp
+    end
+    def initialize(mod, exp)
+      pubkey = create_encoded_pubkey_from([mod].pack("H*"), [exp].pack("H*"))
+      hexkey = [pubkey].pack("H*")
+      pemkey =  "-----BEGIN RSA PUBLIC KEY-----\n#{Base64.encode64 hexkey}-----END RSA PUBLIC KEY-----"
+      super(pemkey)
+    end
+    def hex_encrypt(s)
+      public_encrypt(s).reverse.unpack("H*").first
+    end
+    private
+    def create_encoded_pubkey_from(rawmod, rawexp)
+      modulus_hex = prepad_signed(rawmod.unpack('H*').first)
+      exponent_hex = prepad_signed(rawexp.unpack('H*').first)
+      modlen = modulus_hex.length / 2
+      explen = exponent_hex.length / 2
+      encoded_modlen = encode_length_hex(modlen)
+      encoded_explen = encode_length_hex(explen)
+      full_hex_len = modlen + explen + encoded_modlen.length/2 + encoded_explen.length/2 + 2
+      encoded_hex_len = encode_length_hex(full_hex_len)
+      "30#{encoded_hex_len}02#{encoded_modlen}#{modulus_hex}02#{encoded_explen}#{exponent_hex}"
+    end
+    def prepad_signed(hex)
+      msb = hex[0]
+      (msb < '0' || msb > '7') ? "00#{hex}" : hex
+    end
+    def encode_length_hex(der_len) # encode ASN.1 DER length field
+      return int_to_hex(der_len) if der_len <= 127
+      hex = int_to_hex(der_len)
+      size = 128 + hex.length/2
+      "#{int_to_hex(size)}#{hex}"
+    end
+    def int_to_hex(num)
+      hex = num.to_s(16)
+      hex.length.odd? ? "0#{hex}" : hex
+    end
+  end
+end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: snxvpn
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Dimitrij Denissenko
@@ -32,6 +32,11 @@ extensions: []
 extra_rdoc_files: []
 files:
 - bin/snxvpn
+- lib/snxvpn.rb
+- lib/snxvpn/cli.rb
+- lib/snxvpn/config.rb
+- lib/snxvpn/ext_info.rb
+- lib/snxvpn/rsa.rb
 homepage: https://bitbucket.org/bsm/snxvpn
 licenses: []
 metadata: {}