sparoid 1.0.0 → 1.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 97ffed008109eb32f070fc300c536cd29f000c6ff943b67bff64658c218f70ce
-  data.tar.gz: 87fcc661eb04ee0a79b9d9cbd4ef12b5f80c8a4c1856569076f1eac57a37c41b
+  metadata.gz: 10aba94e127e9bfb74963c3e88276ef11879e16db16cb6e44fd8e01476c747b7
+  data.tar.gz: 4b64175b2dbc751bd409624f48b11fb2629268f1b42d81df8cf1b410bf579507
 SHA512:
-  metadata.gz: ded717258409725cbf49b97fd9c704dbbe550a024f4ce09b484640306079f67ccfd43f64d063326c787ed700cef4db09179b6facb98c7403304dad0a861216ea
-  data.tar.gz: 180a6a9ae33549e198130f73e3e4bd5e9ce4e63727668e6ea2124e22ade18b4e7324efb15abf00053fc22b0728a05d17f49cff353a6f68cdf6b3bf9709b5fab4
+  metadata.gz: 3218c0a291f09ac0b66ca26c0fe5f7d5675d6aacc7dab69e72e3a645ebfea828eacadd62ce477634ebb3be245ddd23b05955a439ea637af32e45ec3c5adb89f2
+  data.tar.gz: e6e7c9f967abce41da45a20066e448351279720f231af9cfb49b62e46090360093411f84537b25a5329e3792447f4a8e0305d450bc8ab210441421521bcbba0b

data/.gitignore

@@ -6,3 +6,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+Gemfile.lock

data/CHANGELOG.md

@@ -1,4 +1,23 @@
-## [Unreleased]
+## [1.0.5] - 2021-04-12
+
+- Prefix all logging with `Sparoid: `
+
+## [1.0.4] - 2021-03-25
+
+- Only warn if config is missing when connecting with CLI
+
+## [1.0.3] - 2021-03-17
+
+- Nicer error handling in CLI, remove --fdpass option
+
+## [1.0.2] - 2021-03-15
+
+- `sparoid send` renamed to `sparoid auth`
+- `sparoid connect [host] [port]` added for automatic fd passing
+
+## [1.0.1] - 2021-03-12
+
+- --fdpass option to send
 
 ## [1.0.0] - 2021-03-11
 

data/README.md

@@ -20,7 +20,15 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+...
+
+Can be used with OpenSSH's ProxyCommand/ProxyUseFdpass to send the packet before connecting, open the TCP connection and that pass that connection back to the SSH client.
+
+```
+Host *.example.com
+  ProxyCommand sparoid send %h --passfd %p
+  ProxyUseFdpass yes
+```
 
 ## Development
 

data/lib/sparoid.rb

@@ -7,20 +7,41 @@ require "resolv"
 
 # Single Packet Authorisation client
 module Sparoid
-  def self.send(key, hmac_key, host, port)
+  extend self
+
+  # Send an authorization packet
+  def auth(key, hmac_key, host, port)
     msg = message(public_ip)
     data = prefix_hmac(hmac_key, encrypt(key, msg))
-    udp_send(host, port, data)
+    sendmsg(host, port, data)
+  end
+
+  # Generate new aes and hmac keys, print to stdout
+  def keygen
+    cipher = OpenSSL::Cipher.new("aes-256-cbc")
+    key = cipher.random_key.unpack1("H*")
+    hmac_key = OpenSSL::Random.random_bytes(32).unpack1("H*")
+    puts "key = #{key}"
+    puts "hmac-key = #{hmac_key}"
+  end
+
+  # Connect to a TCP server and pass the FD to the parent
+  def fdpass(host, port, connect_timeout: 20)
+    tcp = Socket.tcp host, port, connect_timeout: connect_timeout
+    parent = Socket.for_fd(1)
+    parent.sendmsg "\0", 0, nil, Socket::AncillaryData.unix_rights(tcp)
   end
 
-  def self.udp_send(host, port, data)
-    socket = UDPSocket.new
-    socket.connect host, port
-    socket.send data, 0
-    socket.close
+  private
+
+  def sendmsg(host, port, data)
+    UDPSocket.open do |socket|
+      socket.connect host, port
+      socket.sendmsg data, 0
+    end
   end
 
-  def self.encrypt(key, data)
+  def encrypt(key, data)
     key = [key].pack("H*") # hexstring to bytes
     raise ArgumentError, "Key must be 32 bytes hex encoded" if key.bytesize != 32
 
@@ -34,7 +55,7 @@ module Sparoid
     output << cipher.final
   end
 
-  def self.prefix_hmac(hmac_key, data)
+  def prefix_hmac(hmac_key, data)
     hmac_key = [hmac_key].pack("H*") # hexstring to bytes
     raise ArgumentError, "HMAC key must be 32 bytes hex encoded" if hmac_key.bytesize != 32
 
@@ -42,31 +63,29 @@ module Sparoid
     hmac + data
   end
 
-  def self.message(ip)
+  def message(ip)
     version = 1
     ts = (Time.now.utc.to_f * 1000).floor
     nounce = OpenSSL::Random.random_bytes(16)
     [version, ts, nounce, ip.address].pack("Nq>a16a4")
   end
 
-  def self.public_ip
+  def public_ip
     Resolv::DNS.open(nameserver: ["resolver1.opendns.com"]) do |dns|
-      dns.each_address("myip.opendns.com") do |resolv|
-        case resolv
-        when Resolv::IPv4 then return resolv
-        end
-      end
-      raise Error, "No public IPv4 address found"
+      dns.getresource("myip.opendns.com", Resolv::DNS::Resource::IN::A).address
     end
   end
 
-  def self.keygen
-    cipher = OpenSSL::Cipher.new("aes-256-cbc")
-    key = cipher.random_key.unpack1("H*")
-    hmac_key = OpenSSL::Random.random_bytes(32).unpack1("H*")
-    puts "key = #{key}"
-    puts "hmac-key = #{hmac_key}"
-  end
-
   class Error < StandardError; end
+
+  # Instance of SPAroid that only resolved public_ip once
+  class Instance
+    include Sparoid
+
+    private
+
+    def public_ip
+      @public_ip ||= super
+    end
+  end
 end

data/lib/sparoid/cli.rb

@@ -6,13 +6,27 @@ require_relative "../sparoid"
 module Sparoid
   # CLI
   class CLI < Thor
-    desc "send HOST [PORT]", "Send a packet"
-    method_option :config, default: "~/.sparoid.ini"
-    def send(host, port = 8484)
-      abort "Config not found" unless File.exist? options[:config]
+    desc "auth HOST [PORT]", "Send a authorization packet"
+    method_option :config, desc: "Path to a config file, INI format, with key and hmac-key", default: "~/.sparoid.ini"
+    def auth(host, port = 8484)
+      send_auth(host, port, options[:config])
+    rescue Errno::ENOENT
+      abort "Sparoid: Config not found"
+    rescue StandardError => e
+      abort "Sparoid: #{e.message}"
+    end
 
-      key, hmac_key = get_keys(parse_ini(options[:config]))
-      Sparoid.send(key, hmac_key, host, port.to_i)
+    desc "connect HOST PORT [SPA-PORT]", "Send a SPA, TCP connect, and then pass the FD back to the parent"
+    method_option :config, desc: "Path to a config file, INI format, with key and hmac-key", default: "~/.sparoid.ini"
+    def connect(host, port, spa_port = 8484)
+      begin
+        send_auth(host, spa_port, options[:config])
+      rescue Errno::ENOENT
+        warn "Sparoid: Config not found"
+      end
+      Sparoid.fdpass(host, port)
+    rescue StandardError => e
+      abort "Sparoid: #{e.message}"
     end
 
     desc "keygen", "Generate an encryption key and a HMAC key"
@@ -26,8 +40,13 @@ module Sparoid
 
     private
 
+    def send_auth(host, port, config)
+      key, hmac_key = get_keys(parse_ini(config))
+      Sparoid.auth(key, hmac_key, host, port.to_i)
+    end
+
     def parse_ini(path)
-      File.readlines(path).map! { |l| l.split("=", 2).map!(&:strip) }.to_h
+      File.readlines(File.expand_path(path)).map! { |line| line.split("=", 2).map!(&:strip) }.to_h
     end
 
     def get_keys(config)

data/lib/sparoid/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sparoid
-  VERSION = "1.0.0"
+  VERSION = "1.0.5"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sparoid
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.5
 platform: ruby
 authors:
 - Carl Hörberg
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-11 00:00:00.000000000 Z
+date: 2021-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -69,7 +69,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.3
 signing_key:
 specification_version: 4
 summary: Single Packet Authorisation client