snxvpn 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 7ebfddca82d495bb99a638e2a8e0bb797cb99295b13ffacfd552254ff1480e93
+  data.tar.gz: 7f2d3fc406c4fead8ae9f0853d1141bcc45593b3ddaa0033d7be3b6502e5f08f
+SHA512:
+  metadata.gz: 253421610acda74b6f0324fc49e5db3ded94d90f6a5b54809f654ef778a1f9dc67046e26f64799ce2e3e8159977207b74e95ec3ec793cb948f22828817d3daa5
+  data.tar.gz: c9eb6ce4e680b45fea302e24ec83ea0c56714963ea093187a0d1451c04ddcef76ad066a533b7f675e0493abe4a0a229ef2470999e5cec54c8955efa50bef2de5

data/bin/snxvpn

@@ -0,0 +1,234 @@
+#!/usr/bin/env ruby
+
+$stderr.sync = true
+
+require 'yaml'
+require 'optparse'
+require 'net/http'
+require 'logger'
+require 'openssl'
+require 'base64'
+require 'socket'
+require 'ipaddr'
+require 'open3'
+
+class RetryableError < StandardError; end
+
+class FunkyRSA < OpenSSL::PKey::RSA
+
+  def initialize(mod, exp)
+    pubkey = create_encoded_pubkey_from([mod].pack("H*"), [exp].pack("H*"))
+    hexkey = [pubkey].pack("H*")
+    pemkey =  "-----BEGIN RSA PUBLIC KEY-----\n#{Base64.encode64 hexkey}-----END RSA PUBLIC KEY-----"
+    super(pemkey)
+  end
+
+  def hex_encrypt(s)
+    public_encrypt(s).reverse.unpack("H*").first
+  end
+
+  private
+
+  def create_encoded_pubkey_from(rawmod, rawexp)
+    modulus_hex = prepad_signed(rawmod.unpack('H*').first)
+    exponent_hex = prepad_signed(rawexp.unpack('H*').first)
+
+    modlen = modulus_hex.length / 2
+    explen = exponent_hex.length / 2
+    encoded_modlen = encode_length_hex(modlen)
+    encoded_explen = encode_length_hex(explen)
+
+    full_hex_len = modlen + explen + encoded_modlen.length/2 + encoded_explen.length/2 + 2
+    encoded_hex_len = encode_length_hex(full_hex_len)
+
+    "30#{encoded_hex_len}02#{encoded_modlen}#{modulus_hex}02#{encoded_explen}#{exponent_hex}"
+  end
+
+  def prepad_signed(hex)
+    msb = hex[0]
+    (msb < '0' || msb > '7') ? "00#{hex}" : hex
+  end
+
+  def encode_length_hex(der_len) # encode ASN.1 DER length field
+    return int_to_hex(der_len) if der_len <= 127
+
+    hex = int_to_hex(der_len)
+    size = 128 + hex.length/2
+    "#{int_to_hex(size)}#{hex}"
+  end
+
+  def int_to_hex(num)
+    hex = num.to_s(16)
+    hex.length.odd? ? "0#{hex}" : hex
+  end
+
+end
+
+class Runner
+  ENTRY_PATH = '/SNX/Portal/Main'.freeze
+  DEFAULTS = {
+    'realm'      => 'ssl_vpn',
+    'login_type' => 'Standard',
+    'username'   => 'anonymous',
+    'password'   => 'secret',
+    'snxpath'    => 'snx',
+  }.freeze
+
+  def initialize(profile, config_path: File.join(ENV['HOME'], '.snxvpn'))
+    stat = File.stat(config_path)
+    raise ArgumentError, "#{config_path} is not owned by #{ENV['USER']}" unless stat.owned?
+    raise ArgumentError, "#{config_path} mode must be 600" if stat.world_readable? || stat.world_writable?
+
+    raw_config = YAML.load_file(config_path)
+    raise ArgumentError, "#{config_path} contains invalid config" unless raw_config.is_a?(Hash)
+
+    @config = if profile
+      raise ArgumentError, "Unable to find configuration for profile '#{profile}'" unless raw_config.key?(profile)
+      DEFAULTS.merge(raw_config[profile])
+    elsif raw_config.size == 1
+      DEFAULTS.merge(raw_config.values.first)
+    else
+      raise ArgumentError, 'No profile selected'
+    end
+
+    @http = Net::HTTP.new(@config['host'], 443)
+    @http.use_ssl = true
+    @cookies = ["selected_realm=#{@config['realm']}"]
+  end
+
+  def run(retries = 10)
+    # find RSA.js
+    resp       = get(ENTRY_PATH)
+    rsa_path   = resp.body.match(/<script .*?src *\= *["'](.*RSA.js)["']/).to_a[1]
+    raise RetryableError, "Unable to detect a RSA.js script reference on login page" unless rsa_path
+
+    # store paths
+    login_path = resp.uri
+    rsa_path   = File.expand_path(rsa_path, File.dirname(login_path))
+
+    # fetch RSA.js and scan modulus and exponent
+    body     = get(rsa_path).body
+    modulus  = body.match(/var *modulus *\= *\'(\w+)\'/).to_a[1]
+    exponent = body.match(/var *exponent *\= *\'(\w+)\'/).to_a[1]
+    raise RetryableError "Unable to detect modulus/exponent in RSA.js script" unless modulus && exponent
+
+    # build RSA
+    rsa = FunkyRSA.new(modulus, exponent)
+
+    # post to login
+    resp = post(login_path,
+      password: rsa.hex_encrypt(@config['password']),
+      userName: @config['username'],
+      selectedRealm: @config['realm'],
+      loginType: @config['login_type'],
+      HeightData: '',
+      vpid_prefix: '',
+    )
+    raise RetryableError, "Expected redirect to multi-challenge, but got #{resp.uri}" unless resp.uri.include?('MultiChallenge')
+
+    # request OTP until successful
+    while resp.uri.include?('MultiChallenge')
+      inputs  = resp.body.scan(/<input.*?type="hidden".*?name="(username|params|HeightData)"(?:.*?value="(.+?)")?/)
+      payload = Hash[inputs]
+
+      print " + Enter one-time password: "
+      otp  = gets.strip
+      payload['password'] = rsa.hex_encrypt(otp)
+      resp = post(resp.uri, payload)
+    end
+
+    # request extender info
+    resp   = get("/SNX/extender")
+    extinf = Hash[resp.body.scan(/Extender.(\w+) *= *"(.*?)" *;/)]
+    raise RetryableError, "Unable to retrieve extender information" if extinf.empty?
+
+    host_ip = IPAddr.new(IPSocket.getaddress(extinf['host_name']))
+    snxinf  = [
+      "\x13\x11\x00\x00".encode('binary'),  # 4-byte magic
+      [976].pack('L<'),                     # 4-byte data length
+      [host_ip.to_i].pack('L<'),            # 4-byte host IP
+      extinf['host_name'].encode('binary').ljust(64, "\0"), # 64 bytes
+      [extinf['port'].to_i].pack('L<'),     # 4-byte port
+      ''.encode('binary').ljust(6, "\0"),   # 6-bytes blank
+      extinf['server_cn'].encode('binary').ljust(256, "\0"), # 256 bytes
+      extinf['user_name'].encode('binary').ljust(256, "\0"), # 256 bytes
+      extinf['password'].encode('binary').ljust(128, "\0"),  # 128 bytes
+      extinf['server_fingerprint'].encode('binary').ljust(256, "\0"), # 256 bytes
+      "\x01\x00".encode('binary'), # 2 bytes
+    ].join
+
+    output, status = Open3.capture2('snx', '-Z')
+    raise RetryableError, "Unable to start snx: #{output}" unless status.success?
+
+    Socket.tcp("127.0.0.1", 7776) do |sock|
+      sock.write(snxinf)
+      sock.recv(4096) # read answer
+      puts " = Connected! Please leave this running to keep VPN open."
+      sock.recv(4096) # block until snx process dies
+    end
+
+    puts " ! Connection closed. Exiting..."
+  rescue RetryableError
+    raise if retries < 1
+
+    puts " ! #{e.message}. Retrying..."
+    sleep 1
+    run(retries - 1)
+  end
+
+  private
+
+  def post(path, payload)
+    resp = @http.post(path, URI.encode_www_form(payload), headers)
+    handle_response(path, resp)
+
+    case resp
+    when Net::HTTPSuccess then
+      resp
+    when Net::HTTPRedirection then
+      get(resp['location'])
+    else
+      raise "unexpected response from POST #{path} - #{resp.code} #{resp.message}"
+    end
+  end
+
+  def get(path, retries = 10)
+    raise ArgumentError, 'too many HTTP redirects' if retries.zero?
+
+    resp = @http.get(path, headers)
+    handle_response(path, resp)
+
+    case resp
+    when Net::HTTPSuccess then
+      resp
+    when Net::HTTPRedirection then
+      get(resp['location'], retries - 1)
+    when Net::HTTPNotFound then
+      raise "unexpected response from GET #{path} - #{resp.code} #{resp.message}" unless path.include?(ENTRY_PATH)
+      resp
+    else
+      raise "unexpected response from GET #{path} - #{resp.code} #{resp.message}"
+    end
+  end
+
+  def headers
+    {'Cookie' => @cookies.join('; ')} unless @cookies.empty?
+  end
+
+  def handle_response(path, resp)
+    resp.uri = path
+    @cookies += Array(resp.get_fields('set-cookie')).map do |str|
+      str.split('; ')[0]
+    end
+    @cookies.uniq!
+  end
+
+end
+
+begin
+  Runner.new(ARGV[0]).run
+rescue OpenSSL::SSL::SSLError => e
+  abort " ! #{e.message}. Are you already connected to the VPN?"
+rescue StandardError => e
+  abort " ! #{e.message}. Exiting..."
+end if $0 == __FILE__

metadata

@@ -0,0 +1,58 @@
+--- !ruby/object:Gem::Specification
+name: snxvpn
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Dimitrij Denissenko
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-07-25 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ''
+email: dimitrij@blacksquaremedia.com
+executables:
+- snxvpn
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/snxvpn
+homepage: https://bitbucket.org/bsm/snxvpn
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.4.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: SNX VPN connection helper
+test_files: []