watobo 0.9.19 → 0.9.20

data/lib/watobo/core/scope.rb

@@ -1,106 +1,94 @@
-# .
+#.
 # scope.rb
-# 
-# Copyright 2013 by siberas, http://www.siberas.de
-# 
-# This file is part of WATOBO (Web Application Tool Box)
-#        http://watobo.sourceforge.com
-# 
-# WATOBO is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation version 2 of the License.
-# 
-# WATOBO is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with WATOBO; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-# .
-# @private 
-module Watobo#:nodoc: all
-  class Scope
-    @scope = {}
-    def self.to_s
-      @scope.to_yaml
-    end
-
-    def self.to_yaml
-      @scope.to_yaml
-    end
-
-    def self.set(scope)
-      @scope = scope
-    end
-
-    def self.exist?
-      return false if @scope.empty?
-      @scope.each_value do |s|
-        return true if s[:enabled] == true
-      end
-      return false
-    end
-
-    def self.reset
-      @scope = {}
-    end
-
-    def self.each(&block)
-      if block_given?
-        @scope.each do |site, scope|
-          yield [ site, scope]
-        end
-      end
-    end
-
-    def self.match_site?(site)
-      return true if @scope.empty?
-      @scope.has_key? site
-    end
-
-    def self.match_chat?(chat)
-      #puts @scope.to_yaml
-      return true if @scope.empty?
+#.
+# Copyright 2014 by siberas, http://www.siberas.de
+# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
+# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
+# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 
-      site = chat.request.site
-
-      if @scope.has_key? site
-
-        path = chat.request.path
-        url = chat.request.url.to_s
-        scope = @scope[site]
-       
-        if scope.has_key? :root_path
-          unless scope[:root_path].empty?
-            return false unless path =~ /^(\/)?#{scope[:root_path]}/i
-          end
-        end
-        return true unless scope.has_key? :excluded_paths
-       
-
-        scope[:excluded_paths].each do |p|
-         # puts "#{url} - #{p}"
-          return false if url =~ /#{p}/
-        end
-        
-      return true
-      end
-      return false
-    end
-
-    def self.add(site)
-
-      scope_details = {
-        :site => site,
-        :enabled => true,
-        :root_path => '',
-        :excluded_paths => [],
-      }
-
-      @scope[site] = scope_details
-      return true
-    end
-  end
+# @private 
+module Watobo#:nodoc: all
+  class Scope
+    @scope = {}
+    def self.to_s
+      @scope.to_yaml
+    end
+
+    def self.to_yaml
+      @scope.to_yaml
+    end
+
+    def self.set(scope)
+      @scope = scope
+    end
+
+    def self.exist?
+      return false if @scope.empty?
+      @scope.each_value do |s|
+        return true if s[:enabled] == true
+      end
+      return false
+    end
+
+    def self.reset
+      @scope = {}
+    end
+
+    def self.each(&block)
+      if block_given?
+        @scope.each do |site, scope|
+          yield [ site, scope]
+        end
+      end
+    end
+
+    def self.match_site?(site)
+      return true if @scope.empty?
+      @scope.has_key? site
+    end
+
+    def self.match_chat?(chat)
+      #puts @scope.to_yaml
+      return true if @scope.empty?
+
+      site = chat.request.site
+
+      if @scope.has_key? site
+
+        path = chat.request.path
+        url = chat.request.url.to_s
+        scope = @scope[site]
+       
+        if scope.has_key? :root_path
+          unless scope[:root_path].empty?
+            return false unless path =~ /^(\/)?#{scope[:root_path]}/i
+          end
+        end
+        return true unless scope.has_key? :excluded_paths
+       
+
+        scope[:excluded_paths].each do |p|
+         # puts "#{url} - #{p}"
+          return false if url =~ /#{p}/
+        end
+        
+      return true
+      end
+      return false
+    end
+
+    def self.add(site)
+
+      scope_details = {
+        :site => site,
+        :enabled => true,
+        :root_path => '',
+        :excluded_paths => [],
+      }
+
+      @scope[site] = scope_details
+      return true
+    end
+  end
 end

data/lib/watobo/core/session.rb

@@ -1,24 +1,12 @@
-# .
+#.
 # session.rb
-# 
-# Copyright 2013 by siberas, http://www.siberas.de
-# 
-# This file is part of WATOBO (Web Application Tool Box)
-#        http://watobo.sourceforge.com
-# 
-# WATOBO is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation version 2 of the License.
-# 
-# WATOBO is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-# 
-# You should have received a copy of the GNU General Public License
-# along with WATOBO; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-# .
+#.
+# Copyright 2014 by siberas, http://www.siberas.de
+# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
+# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
+# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
 # @private 
 module Watobo#:nodoc: all
     
@@ -114,7 +102,17 @@ module Watobo#:nodoc: all
           #end
           #puts
           if current_prefs[:update_contentlength] == true and request.has_body? then
+           # puts "\n* Updating Content-Length ..."
+           # puts "OLD: #{request.content_length}"
+           # puts "BodyLen: #{request.body.length}"
+            b = request.body
+            #puts b.length
+            #puts request.body.unpack("H*")[0]
+            #puts (request.body.unpack("H*")[0].length / 2).to_s
             request.fix_content_length()
+            #puts "New: #{request.content_length}"
+            #puts request.body.encoding
+            #puts "--"
           end
 
           #request.add_header("Via", "Watobo") if use_proxy
@@ -156,14 +154,14 @@ module Watobo#:nodoc: all
                   response_header = readHTTPHeader(socket, current_prefs)
                 end
               end
-              return socket, request, response_header
+              return socket, Request.new(request), Response.new(response_header)
             end
             #  puts "* doProxyRequest"
             socket, response_header = doProxyRequest(request, proxy, current_prefs)
             #   puts socket.class
             return socket, response_header, error_response("Could Not Connect To Proxy: #{proxy.name} (#{proxy.host}:#{proxy.port})\n", "#{response_header}") if socket.nil?
 
-            return socket, request, response_header
+            return socket, Request.new(request), Response.new(response_header)
           else
             # direct connection to host
             tcp_socket = nil
@@ -221,12 +219,24 @@ module Watobo#:nodoc: all
             else
               # puts "========== Add Headers"
              
-              request.set_header("Connection", "close") #if not use_proxy
+            request.set_header("Connection", "close") #if not use_proxy
 
               data = request.join
               unless request.has_body? 
                 data << "\r\n" unless data =~ /\r\n\r\n$/ 
               end
+              
+           #  puts "\n*** SENDING ..."
+           #  puts data
+            #  if request.has_body?
+            #    puts request.body.length
+            #    bhex = request.body.unpack("H*")[0]
+            #    puts bhex
+            #    puts bhex.length
+            #  end
+             
+             
+             
             # puts "= SESSION ="
             # puts data
            #  puts data.unpack("H*")[0]#.gsub(/0d0a/,"0d0a\n")
@@ -261,12 +271,13 @@ module Watobo#:nodoc: all
           response = error_response "TimeOut (#{host}:#{port})"
           socket = nil
         rescue Errno::ETIMEDOUT
+          puts "TimeOut (#{host}:#{port})"
           response = error_response "TimeOut (#{host}:#{port})"
           socket = nil
         rescue Errno::ENOTCONN
           puts "!!!ENOTCONN"
         rescue OpenSSL::SSL::SSLError
-          response = error_response "SSL-Error", $!.backtrace.join
+          response = error_response "SSL-Error", $!.to_s + "<br>" + $!.backtrace.join("<br>")
           socket = nil
         rescue => bang
           response = error_response "ERROR:", "#{bang}\n#{bang.backtrace}"
@@ -316,8 +327,15 @@ module Watobo#:nodoc: all
               #  p "*"
               #    csrf_response = readHTTPHeader(socket)
               readHTTPBody(socket, csrf_response, csrf_request, opts)
+              
+             # response = Response.new(csrf_response)
+                           
 
-              next if csrf_response.body.nil?
+              next unless csrf_response.has_body?
+              
+              csrf_response.unchunk!
+              csrf_response.unzip! 
+              
               @sid_cache.update_sids(csrf_request.site, [csrf_response.body]) if @session[:update_sids] == true
 
               # updateCSRFCache(csrf_cache, csrf_request, [csrf_response.body]) if csrf_response.content_type =~ /text\//
@@ -342,14 +360,18 @@ module Watobo#:nodoc: all
           
           if @session[:follow_redirect]
  # puts response.status
-  if response.status =~ /^302/
+  if response.status =~ /^30(1|2|8)/
     #response.extend Watobo::Mixin::Parser::Web10
     #request.extend Watobo::Mixin::Shaper::Web10
 
     loc_header = response.headers("Location:").first
     new_location = loc_header.gsub(/^[^:]*:/,'').strip
     unless new_location =~ /^http/
-      new_location = request.proto + "://" + request.site + "/" + request.dir + "/" + new_location.sub(/^[\.\/]*/,'')
+      if new_location =~ /^\//
+        new_location = request.proto + "://" + request.site  + new_location      
+      else
+        new_location = request.proto + "://" + request.site + "/" + request.dir + "/" + new_location.sub(/^[\.\/]*/,'')
+      end
     end
     
     notify(:follow_redirect, new_location)
@@ -384,14 +406,19 @@ end
           #  puts "! Error in doRequest"
           puts "! Module #{Module.nesting[0].name}"
           puts bang
-          #  puts bang.backtrace if $DEBUG
+          puts bang.backtrace if $DEBUG
           @lasterror = bang
           # raise
           # ensure
         end
 
-        response.extend Watobo::Mixin::Parser::Web10
-        return request, response
+        #response.extend Watobo::Mixin::Parser::Web10
+       # resp = Watobo::Response.new(response)
+      
+        response.unchunk!
+        response.unzip!
+        
+        return Request.new(request), response
       end
 
       def addProxy(prefs=nil)
@@ -431,7 +458,7 @@ end
       # :update_valid_sids => false,
       # :update_sids => false,
       # :update_contentlength => true
-      def initialize( session_id, prefs={} )
+      def initialize( session_id=nil, prefs={} )
         
         @event_dispatcher_listeners = Hash.new
         #     @session = {}
@@ -488,6 +515,7 @@ end
           elsif  clen > 0
             #  puts "* read #{clen} bytes for body"
             Watobo::HTTPSocket.read_body(socket, :max_bytes => clen) { |c|
+              
               data += c
               break if data.length == clen
             }
@@ -522,29 +550,40 @@ end
       #def doNtlmAuth(socket, request, ntlm_credentials)
       def wwwAuthNTLM(socket, request, ntlm_credentials)
         response_header = nil
+        auth_method = "NTLM"
         begin
-          auth_request = request.copy
+          head_request = request.copy         
+          head_request.setMethod(:head)         
+          head_request.removeBody         
+          head_request.removeHeader("Content-Length")         
+          data = head_request.join + "\r\n"
+          
+          socket.print data
+          
+          response_header = readHTTPHeader(socket)
+          response_header.each do |line|
+            if line =~ /^www-authenticat.*((Negotiate|NTLM))/i then
+              #puts line
+              auth_method = $1
+              break
+            end
+            #break if line.strip.empty?
+          end
 
           ntlm_challenge = nil
-          t1 = Net::NTLM::Message::Type1.new()
-          msg = "NTLM " + t1.encode64
-
-          #auth_request.removeHeader("Connection")
-          #auth_request.removeHeader("Authorization")
-
-          auth_request.set_header("Authorization", msg)
-          auth_request.set_header("Connection", "Keep-Alive")
-
-          if $DEBUG
-            puts "============= T1 ======================="
-            puts auth_request
-      end
+          t1 = Watobo::NTLM::Message::Type1.new()
+          %w(workstation domain).each do |a|
+            t1.send("#{a}=",'')
+            t1.enable(a.to_sym)
+          end
           
-          data = auth_request.join + "\r\n"
+          msg = "#{auth_method} #{t1.encode64}"
+          head_request.set_header("Authorization", msg)
+                  
+          data = head_request.join + "\r\n"
+           
           socket.print data
           
-      puts "-----------------" if $DEBUG
-      
           response_header = []
           rcode = nil
           clen = nil
@@ -555,7 +594,7 @@ end
               rcode = $1.to_i
               rmsg = $2
             end
-            if line =~ /^WWW-Authenticate: (NTLM) (.+)\r\n/
+            if line =~ /^WWW-Authenticate: (NTLM|Negotiate) (.+)\r\n/
               ntlm_challenge = $2
             end
             if line =~ /^Content-Length: (\d{1,})\r\n/
@@ -563,13 +602,7 @@ end
             end
             break if line.strip.empty?
           end
-          #        puts "==================="
-
-      if $DEBUG
-        puts "--- T1 RESPONSE HEADERS ---"
-        puts response_header
-      puts "---"
-      end
+          
       if rcode == 401 #Authentication Required
             puts "[NTLM] got ntlm challenge: #{ntlm_challenge}" if $DEBUG
             return socket, response_header if ntlm_challenge.nil?
@@ -584,45 +617,33 @@ end
             return socket, Watobo::Response.new(response_header)
           end
 
-          # reading rest of response
-      rest = ''
-          Watobo::HTTPSocket.read_body(socket, :max_bytes => clen){ |d| 
-         rest += d
-      }
-
-      if $DEBUG
-      puts "--- T1 RESPONSE BODY ---"
-      puts rest
-      puts "---"
-      end
-          t2 = Net::NTLM::Message.decode64(ntlm_challenge)
-          t3 = t2.response({:user => ntlm_credentials[:username],
+     
+          t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
+          domain = ntlm_credentials.has_key?(:domain) ? Watobo::UTF16.encode_utf16le(ntlm_credentials[:domain].upcase) : ""
+          creds = {:user => ntlm_credentials[:username],
             :password => ntlm_credentials[:password],
-            :domain => ntlm_credentials[:domain]},
-          {:workstation => ntlm_credentials[:workstation], :ntlmv2 => true})
-
-          #     puts "* NTLM-Credentials: #{ntlm_credentials[:username]},#{ntlm_credentials[:password]}, #{ntlm_credentials[:domain]}, #{ntlm_credentials[:workstation]}"
-          #auth_request.removeHeader("Authorization")
-          #auth_request.removeHeader("Connection")
+            :domain => domain,
+            :workstation => Watobo::UTF16.encode_utf16le(Socket.gethostname)
+            }
+            
+          t3 = t2.response( creds,            
+            {:ntlmv2 => true}
+            )
+        
+         auth_request = request.copy
 
           auth_request.set_header("Connection", "close")
 
-          msg = "NTLM " + t3.encode64
+          msg = "#{auth_method} #{t3.encode64}"
           auth_request.set_header("Authorization", msg)
           #      puts "============= T3 ======================="
 
           data = auth_request.join + "\r\n"
-
-          if $DEBUG
-            puts "= NTLM Type 3 ="
-            puts data
-          end
           socket.print data
 
           response_header = []
           response_header = readHTTPHeader(socket)
           response_header.each do |line|
-           # puts line
 
             if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
               rcode = $1.to_i
@@ -637,7 +658,6 @@ end
             # TODO: authorization didn't work -> do some notification
             # ...
             puts "[NTLM] could not authenticate. Bad credentials?"
-            puts ntlm_credentials.to_yaml
           end
 
           return socket, Watobo::Response.new(response_header)
@@ -748,7 +768,7 @@ end
             case proxy.auth_type
             when AUTH_TYPE_NTLM
 
-              t1 = Net::NTLM::Message::Type1.new()
+              t1 = Watobo::NTLM::Message::Type1.new()
               msg = "NTLM " + t1.encode64
               request.addHeader("Proxy-Authorization", msg)
 
@@ -794,7 +814,7 @@ end
 
               return socket, response_header if ntlm_challenge.nil? or ntlm_challenge == ""
 
-              t2 = Net::NTLM::Message.decode64(ntlm_challenge)
+              t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
               t3 = t2.response( { :user => proxy.username,
                 :password => proxy.password,
                 :domain => proxy.domain },
@@ -857,6 +877,8 @@ end
           return socket, response_header
         rescue => bang
           puts bang
+          puts proxy
+          puts prefs
           return nil, error_response(bang)
         end
         # return nil, nil
@@ -878,7 +900,7 @@ end
         response_header = []
 
         ntlm_challenge = nil
-        t1 = Net::NTLM::Message::Type1.new()
+        t1 = Watobo::NTLM::Message::Type1.new()
         msg = "NTLM " + t1.encode64
 
         request.addHeader("Proxy-Authorization", msg)
@@ -923,7 +945,7 @@ end
           #puts d
         }
 
-        t2 = Net::NTLM::Message.decode64(ntlm_challenge)
+        t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
         t3 = t2.response({:user => proxy.username, :password => proxy.password, :workstation => proxy.workstation, :domain => proxy.domain}, {:ntlmv2 => true})
         #request.removeHeader("Proxy-Authorization")
         #  request.removeHeader("Proxy-Connection")