watobo 0.9.21 → 0.9.23

data/lib/watobo/sockets/http_socket.rb

@@ -1,12 +1,3 @@
-#.
-# http_socket.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private
 module Watobo#:nodoc: all
   module HTTPSocket
@@ -116,28 +107,35 @@ module Watobo#:nodoc: all
 
     def self.get_ssl_cert_cn( host, port)
       cn = ""
+      # if target is an ip address we use the cn name of the certificate
+      # otherwise we return the hostname
+      return host unless host =~ /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/
+
       begin
         tcp_socket = TCPSocket.new( host, port )
         tcp_socket.setsockopt( Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1)
         tcp_socket.sync = true
         ctx = OpenSSL::SSL::SSLContext.new()
+       # puts ctx.ciphers
 
         ctx.tmp_dh_callback = proc { |*args|
           OpenSSL::PKey::DH.new(128)
         }
 
         socket = OpenSSL::SSL::SSLSocket.new(tcp_socket, ctx)
+        # need hostname for SNI (Server Name Indication)
+        # http://en.wikipedia.org/wiki/Server_Name_Indication
+        socket.hostname = host
 
         socket.connect
         cert = socket.peer_cert
 
-        if cert.subject.to_s =~ /cn=([^\/]*)/i
-        cn = $1
-        end
-        puts "Peer-Cert CN: #{cn}"
+        cn = $1 if cert.subject.to_s =~ /cn=([^\/]*)/i
+
         socket.io.shutdown(2)
       rescue => bang
         puts bang
+        puts ">> #{host}:#{port}"
         cn = host
       ensure
         socket.close if socket.respond_to? :close

data/lib/watobo/sockets/ntlm_auth.rb

@@ -1,140 +1,131 @@
-#.
-# ntlm_auth.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private 
-module Watobo#:nodoc: all
-  module HTTPSocket
-    module NTLMAuth
-     
-      def do_ntlm_auth()
-        response_header = nil
-
-          auth_request = @request.copy
-
-          ntlm_challenge = nil
-          t1 = Watobo::NTLM::Message::Type1.new()
-          msg = "NTLM " + t1.encode64
-
-          auth_request.removeHeader("Connection")
-          auth_request.removeHeader("Authorization")
-
-          auth_request.addHeader("Authorization", msg)
-          auth_request.addHeader("Connection", "Keep-Alive")
-
-          if $DEBUG
-            puts "============= T1 ======================="
-            puts auth_request
-          end
-          
-          data = auth_request.join + "\r\n"
-          @connection.send data
-          
-          puts "-----------------" if $DEBUG
-      
-          response_header = []
-          rcode = nil
-          clen = nil
-          ntlm_challenge = nil
-          response_header = connection.read_header
-          response_header.each do |line|
-            if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
-              rcode = $1.to_i
-              rmsg = $2
-            end
-            if line =~ /^WWW-Authenticate: (NTLM) (.+)\r\n/
-              ntlm_challenge = $2
-            end
-            if line =~ /^Content-Length: (\d{1,})\r\n/
-              clen = $1.to_i
-            end
-            break if line.strip.empty?
-          end
-          #        puts "==================="
-
-      if $DEBUG
-        puts "--- T1 RESPONSE HEADERS ---"
-        puts response_header
-        puts "---"
-      end
-      
-      if rcode == 401 #Authentication Required
-            puts "[NTLM] got ntlm challenge: #{ntlm_challenge}" if $DEBUG
-            return socket, response_header if ntlm_challenge.nil?
-          elsif rcode == 200 # Ok
-            puts "[NTLM] seems request doesn't need authentication" if $DEBUG
-            return socket, Watobo::Response.new(response_header)
-          else
-        if $DEBUG
-              puts "[NTLM] ... !#*+.!*peep* ...."
-              puts response_header
-      end
-            return socket, Watobo::Response.new(response_header)
-          end
-
-          # reading rest of response
-      rest = ''
-          Watobo::HTTPSocket.read_body(socket, :max_bytes => clen){ |d| 
-         rest += d
-      }
-
-      if $DEBUG
-      puts "--- T1 RESPONSE BODY ---"
-      puts rest
-      puts "---"
-      end
-          t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
-          t3 = t2.response({:user => ntlm_credentials[:username],
-            :password => ntlm_credentials[:password],
-            :domain => ntlm_credentials[:domain]},
-          {:workstation => ntlm_credentials[:workstation], :ntlmv2 => true})
-
-          #     puts "* NTLM-Credentials: #{ntlm_credentials[:username]},#{ntlm_credentials[:password]}, #{ntlm_credentials[:domain]}, #{ntlm_credentials[:workstation]}"
-          auth_request.removeHeader("Authorization")
-          auth_request.removeHeader("Connection")
-
-         # auth_request.addHeader("Connection", "Close")
-
-          msg = "NTLM " + t3.encode64
-          auth_request.addHeader("Authorization", msg)
-          #      puts "============= T3 ======================="
-
-          data = auth_request.join + "\r\n"
-
-          if $DEBUG
-            puts "= NTLM Type 3 ="
-            puts data
-          end
-          @connection.send data
-
-          response_header = []
-          response_header = connection.header
-          response_header.each do |line|
-
-            if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
-              rcode = $1.to_i
-              rmsg = $2
-            end
-            break if line.strip.empty?
-          end
-
-          if rcode == 200 # Ok
-             puts "[NTLM] Authentication Successfull" if $DEBUG
-          elsif rcode == 401 # Authentication Required
-             # TODO: authorization didn't work -> do some notification
-            # ...
-            puts "[NTLM] could not authenticate. Bad credentials?"
-            puts ntlm_credentials.to_yaml
-          end
-
-          return socket, Watobo::Response.new(response_header)
-        
-      end
-end
-  end
+module Watobo#:nodoc: all
+  module HTTPSocket
+    module NTLMAuth
+     
+      def do_ntlm_auth()
+        response_header = nil
+
+          auth_request = @request.copy
+
+          ntlm_challenge = nil
+          t1 = Watobo::NTLM::Message::Type1.new()
+          msg = "NTLM " + t1.encode64
+
+          auth_request.removeHeader("Connection")
+          auth_request.removeHeader("Authorization")
+
+          auth_request.addHeader("Authorization", msg)
+          auth_request.addHeader("Connection", "Keep-Alive")
+
+          if $DEBUG
+            puts "============= T1 ======================="
+            puts auth_request
+          end
+          
+          data = auth_request.join + "\r\n"
+          @connection.send data
+          
+          puts "-----------------" if $DEBUG
+      
+          response_header = []
+          rcode = nil
+          clen = nil
+          ntlm_challenge = nil
+          response_header = connection.read_header
+          response_header.each do |line|
+            if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
+              rcode = $1.to_i
+              rmsg = $2
+            end
+            if line =~ /^WWW-Authenticate: (NTLM) (.+)\r\n/
+              ntlm_challenge = $2
+            end
+            if line =~ /^Content-Length: (\d{1,})\r\n/
+              clen = $1.to_i
+            end
+            break if line.strip.empty?
+          end
+          #        puts "==================="
+
+      if $DEBUG
+        puts "--- T1 RESPONSE HEADERS ---"
+        puts response_header
+        puts "---"
+      end
+      
+      if rcode == 401 #Authentication Required
+            puts "[NTLM] got ntlm challenge: #{ntlm_challenge}" if $DEBUG
+            return socket, response_header if ntlm_challenge.nil?
+          elsif rcode == 200 # Ok
+            puts "[NTLM] seems request doesn't need authentication" if $DEBUG
+            return socket, Watobo::Response.new(response_header)
+          else
+        if $DEBUG
+              puts "[NTLM] ... !#*+.!*peep* ...."
+              puts response_header
+      end
+            return socket, Watobo::Response.new(response_header)
+          end
+
+          # reading rest of response
+      rest = ''
+          Watobo::HTTPSocket.read_body(socket, :max_bytes => clen){ |d| 
+         rest += d
+      }
+
+      if $DEBUG
+      puts "--- T1 RESPONSE BODY ---"
+      puts rest
+      puts "---"
+      end
+          t2 = Watobo::NTLM::Message.decode64(ntlm_challenge)
+          t3 = t2.response({:user => ntlm_credentials[:username],
+            :password => ntlm_credentials[:password],
+            :domain => ntlm_credentials[:domain]},
+          {:workstation => ntlm_credentials[:workstation], :ntlmv2 => true})
+
+          #     puts "* NTLM-Credentials: #{ntlm_credentials[:username]},#{ntlm_credentials[:password]}, #{ntlm_credentials[:domain]}, #{ntlm_credentials[:workstation]}"
+          auth_request.removeHeader("Authorization")
+          auth_request.removeHeader("Connection")
+
+         # auth_request.addHeader("Connection", "Close")
+
+          msg = "NTLM " + t3.encode64
+          auth_request.addHeader("Authorization", msg)
+          #      puts "============= T3 ======================="
+
+          data = auth_request.join + "\r\n"
+
+          if $DEBUG
+            puts "= NTLM Type 3 ="
+            puts data
+          end
+          @connection.send data
+
+          response_header = []
+          response_header = connection.header
+          response_header.each do |line|
+
+            if line =~ /^HTTP\/\d\.\d (\d+) (.*)/ then
+              rcode = $1.to_i
+              rmsg = $2
+            end
+            break if line.strip.empty?
+          end
+
+          if rcode == 200 # Ok
+             puts "[NTLM] Authentication Successfull" if $DEBUG
+          elsif rcode == 401 # Authentication Required
+             # TODO: authorization didn't work -> do some notification
+            # ...
+            puts "[NTLM] could not authenticate. Bad credentials?"
+            puts ntlm_credentials.to_yaml
+          end
+
+          return socket, Watobo::Response.new(response_header)
+        
+      end
+end
+  end
 end

data/lib/watobo/utils.rb

@@ -1,21 +1,12 @@
-#.
-# utils.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private 
-module Watobo#:nodoc: all
-  module Utils
-    utils_path = File.expand_path(File.join(File.dirname(__FILE__), "utils"))
-    #puts "* loading utils #{utils_path}"
-    Dir.glob("#{utils_path}/*.rb").each do |cf|
-      puts "+ #{File.basename(cf)}" if $DEBUG
-      require File.join("watobo","utils", File.basename(cf))
-
-    end
-  end
+module Watobo#:nodoc: all
+  module Utils
+    utils_path = File.expand_path(File.join(File.dirname(__FILE__), "utils"))
+    #puts "* loading utils #{utils_path}"
+    Dir.glob("#{utils_path}/*.rb").each do |cf|
+      puts "+ #{File.basename(cf)}" if $DEBUG
+      require File.join("watobo","utils", File.basename(cf))
+
+    end
+  end
 end

data/lib/watobo/utils/check_regex.rb

@@ -1,12 +1,3 @@
-#.
-# check_regex.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private 
 module Watobo#:nodoc: all
   module Utils

data/lib/watobo/utils/copy_object.rb

@@ -1,12 +1,3 @@
-#.
-# copy_object.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private 
 module Watobo#:nodoc: all
   module Utils

data/lib/watobo/utils/crypto.rb

@@ -1,12 +1,3 @@
-#.
-# crypto.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 require 'openssl'
 require 'digest/sha1'
 require 'base64'

data/lib/watobo/utils/expand_range.rb

@@ -1,34 +1,25 @@
-#.
-# expand_range.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private 
-module Watobo#:nodoc: all
-  module Utils
-    # expand range creates an array out of 
-    def self.expand_range(pattern)
-      vals = pattern.split(",")
-
-      result = []
-      vals.each do |v|
-        v.strip!
-        if v =~ /^(\d+)$/ then
-          result.push $1.to_i
-        elsif v =~ /^(\d+)-(\d+)$/
-          start = $1
-          stop = $2
-          dummy = (start..stop).to_a
-          result.concat dummy
-        end
-      end
-      result.uniq!
-      return result
-    end
-
-  end
+module Watobo#:nodoc: all
+  module Utils
+    # expand range creates an array out of 
+    def self.expand_range(pattern)
+      vals = pattern.split(",")
+
+      result = []
+      vals.each do |v|
+        v.strip!
+        if v =~ /^(\d+)$/ then
+          result.push $1.to_i
+        elsif v =~ /^(\d+)-(\d+)$/
+          start = $1
+          stop = $2
+          dummy = (start..stop).to_a
+          result.concat dummy
+        end
+      end
+      result.uniq!
+      return result
+    end
+
+  end
 end