sparoid 1.0.1 → 1.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6069344b10804fda4024554fc6bfb9490c52ef0ef197dfcb598724cb760f587d
-  data.tar.gz: 35cc6eec43bb0b03fd2938166628618936c9659768b5454d880d96b942da04d1
+  metadata.gz: a9c9e31643c35e5466c71be88339a2c7999e401d893b6c7364597380def920cf
+  data.tar.gz: 237a5a03c2b3a306b25ad947754ce92acb866dcf2985650e27720773edc1f39e
 SHA512:
-  metadata.gz: c361191ea89d2c980dc89a639c11cdf77575006526560f00ae4a200e79b9ba5a66b282d1f2b9b750af5135652316cbffc87476100af6799dc904e8aa8b5f2ffb
-  data.tar.gz: 3b6df9484af0ee540bedff510f9643642151da0558767d9a20de4dfb7d8217df5ff25623802ccba00c5855ba3e002c22743eac0bbfff9322480b86d2ce4e2c3d
+  metadata.gz: a417c0b53950536d98a43f417690952e2b4bf41b3bcb72b13e8bd52e367f9a0a814b7e10ce9072b57098b48cd8ee36c41166f354f6eb6b0782430e4a945e7bf3
+  data.tar.gz: fc30ef678295a18379cd770840f702c2c328047fcbe9bbaa6fd65514c95105a29b88fd946a0c7bcf0cf93703dba2a6cd547a81ec6dc9c31e73f7bf06626e9c45

data/.gitignore

@@ -6,3 +6,4 @@
 /pkg/
 /spec/reports/
 /tmp/
+Gemfile.lock

data/CHANGELOG.md

@@ -1,4 +1,27 @@
-## [Unreleased]
+## [1.0.6] - 2021-04-13
+
+- Use static IP for opendns resolver, saves one DNS lookup
+
+## [1.0.5] - 2021-04-12
+
+- Prefix all logging with `Sparoid: `
+
+## [1.0.4] - 2021-03-25
+
+- Only warn if config is missing when connecting with CLI
+
+## [1.0.3] - 2021-03-17
+
+- Nicer error handling in CLI, remove --fdpass option
+
+## [1.0.2] - 2021-03-15
+
+- `sparoid send` renamed to `sparoid auth`
+- `sparoid connect [host] [port]` added for automatic fd passing
+
+## [1.0.1] - 2021-03-12
+
+- --fdpass option to send
 
 ## [1.0.0] - 2021-03-11
 

data/lib/sparoid.rb

@@ -7,20 +7,41 @@ require "resolv"
 
 # Single Packet Authorisation client
 module Sparoid
-  def self.send(key, hmac_key, host, port)
+  extend self
+
+  # Send an authorization packet
+  def auth(key, hmac_key, host, port)
     msg = message(public_ip)
     data = prefix_hmac(hmac_key, encrypt(key, msg))
-    udp_send(host, port, data)
+    sendmsg(host, port, data)
   end
 
-  def self.udp_send(host, port, data)
-    socket = UDPSocket.new
-    socket.connect host, port
-    socket.send data, 0
-    socket.close
+  # Generate new aes and hmac keys, print to stdout
+  def keygen
+    cipher = OpenSSL::Cipher.new("aes-256-cbc")
+    key = cipher.random_key.unpack1("H*")
+    hmac_key = OpenSSL::Random.random_bytes(32).unpack1("H*")
+    puts "key = #{key}"
+    puts "hmac-key = #{hmac_key}"
+  end
+
+  # Connect to a TCP server and pass the FD to the parent
+  def fdpass(host, port, connect_timeout: 20)
+    tcp = Socket.tcp host, port, connect_timeout: connect_timeout
+    parent = Socket.for_fd(1)
+    parent.sendmsg "\0", 0, nil, Socket::AncillaryData.unix_rights(tcp)
+  end
+
+  private
+
+  def sendmsg(host, port, data)
+    UDPSocket.open do |socket|
+      socket.connect host, port
+      socket.sendmsg data, 0
+    end
   end
 
-  def self.encrypt(key, data)
+  def encrypt(key, data)
     key = [key].pack("H*") # hexstring to bytes
     raise ArgumentError, "Key must be 32 bytes hex encoded" if key.bytesize != 32
 
@@ -34,7 +55,7 @@ module Sparoid
     output << cipher.final
   end
 
-  def self.prefix_hmac(hmac_key, data)
+  def prefix_hmac(hmac_key, data)
     hmac_key = [hmac_key].pack("H*") # hexstring to bytes
     raise ArgumentError, "HMAC key must be 32 bytes hex encoded" if hmac_key.bytesize != 32
 
@@ -42,37 +63,29 @@ module Sparoid
     hmac + data
   end
 
-  def self.message(ip)
+  def message(ip)
     version = 1
     ts = (Time.now.utc.to_f * 1000).floor
     nounce = OpenSSL::Random.random_bytes(16)
     [version, ts, nounce, ip.address].pack("Nq>a16a4")
   end
 
-  def self.public_ip
-    Resolv::DNS.open(nameserver: ["resolver1.opendns.com"]) do |dns|
-      dns.each_address("myip.opendns.com") do |resolv|
-        case resolv
-        when Resolv::IPv4 then return resolv
-        end
-      end
-      raise Error, "No public IPv4 address found"
+  def public_ip
+    Resolv::DNS.open(nameserver: ["208.67.222.222", "208.67.220.220"]) do |dns|
+      dns.getresource("myip.opendns.com", Resolv::DNS::Resource::IN::A).address
     end
   end
 
-  def self.keygen
-    cipher = OpenSSL::Cipher.new("aes-256-cbc")
-    key = cipher.random_key.unpack1("H*")
-    hmac_key = OpenSSL::Random.random_bytes(32).unpack1("H*")
-    puts "key = #{key}"
-    puts "hmac-key = #{hmac_key}"
-  end
+  class Error < StandardError; end
 
-  def self.fdpass(host, port)
-    ssh = Socket.tcp host, port
-    parent = Socket.for_fd(1)
-    parent.sendmsg "\0", 0, nil, Socket::AncillaryData.unix_rights(ssh)
-  end
+  # Instance of SPAroid that only resolved public_ip once
+  class Instance
+    include Sparoid
 
-  class Error < StandardError; end
+    private
+
+    def public_ip
+      @public_ip ||= super
+    end
+  end
 end

data/lib/sparoid/cli.rb

@@ -6,19 +6,27 @@ require_relative "../sparoid"
 module Sparoid
   # CLI
   class CLI < Thor
-    desc "send HOST [PORT]", "Send a packet"
-    method_option :config, desc: "Path to a config file, INI format, with key and hmac-key"
-    method_option :fdpass,
-                  type: :numeric,
-                  desc: "After sending, open a TCP connection and pass the FD back to the calling process. \
-                         For use with OpenSSH ProxyCommand and ProxyUseFdpass"
-    def send(host, port = 8484)
-      config = File.expand_path(options[:config] || "~/.sparoid.ini")
-      abort "Config '#{config}' not found" unless File.exist? config
+    desc "auth HOST [PORT]", "Send a authorization packet"
+    method_option :config, desc: "Path to a config file, INI format, with key and hmac-key", default: "~/.sparoid.ini"
+    def auth(host, port = 8484)
+      send_auth(host, port, options[:config])
+    rescue Errno::ENOENT
+      abort "Sparoid: Config not found"
+    rescue StandardError => e
+      abort "Sparoid: #{e.message}"
+    end
 
-      key, hmac_key = get_keys(parse_ini(config))
-      Sparoid.send(key, hmac_key, host, port.to_i)
-      Sparoid.fdpass(host, options[:fdpass]) if options[:fdpass]
+    desc "connect HOST PORT [SPA-PORT]", "Send a SPA, TCP connect, and then pass the FD back to the parent"
+    method_option :config, desc: "Path to a config file, INI format, with key and hmac-key", default: "~/.sparoid.ini"
+    def connect(host, port, spa_port = 8484)
+      begin
+        send_auth(host, spa_port, options[:config])
+      rescue Errno::ENOENT
+        warn "Sparoid: Config not found"
+      end
+      Sparoid.fdpass(host, port)
+    rescue StandardError => e
+      abort "Sparoid: #{e.message}"
     end
 
     desc "keygen", "Generate an encryption key and a HMAC key"
@@ -32,8 +40,13 @@ module Sparoid
 
     private
 
+    def send_auth(host, port, config)
+      key, hmac_key = get_keys(parse_ini(config))
+      Sparoid.auth(key, hmac_key, host, port.to_i)
+    end
+
     def parse_ini(path)
-      File.readlines(path).map! { |l| l.split("=", 2).map!(&:strip) }.to_h
+      File.readlines(File.expand_path(path)).map! { |line| line.split("=", 2).map!(&:strip) }.to_h
     end
 
     def get_keys(config)

data/lib/sparoid/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Sparoid
-  VERSION = "1.0.1"
+  VERSION = "1.0.6"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sparoid
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.6
 platform: ruby
 authors:
 - Carl Hörberg
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-03-12 00:00:00.000000000 Z
+date: 2021-04-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -69,7 +69,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.2.3
 signing_key:
 specification_version: 4
 summary: Single Packet Authorisation client