Class: Snxvpn::CLI

Inherits:

Object

• Object
• Snxvpn::CLI

Defined in:

lib/snxvpn/cli.rb

Instance Attribute Summary

• #config ⇒ Object readonly

  Returns the value of attribute config.

• #http ⇒ Object readonly

  Returns the value of attribute http.

Instance Method Summary

• #initialize(profile, config_path: File.join(ENV['HOME'], '.snxvpn')) ⇒ CLI constructor

  A new instance of CLI.

• #run(retries = 10) ⇒ Object

Constructor Details

#initialize(profile, config_path: File.join(ENV['HOME'], '.snxvpn')) ⇒ CLI

Returns a new instance of CLI.

# File 'lib/snxvpn/cli.rb', line 16

def initialize(profile, config_path: File.join(ENV['HOME'], '.snxvpn'))
  @config = Config.new(config_path, profile)
  @http = Net::HTTP.new(@config[:host], 443)
  @http.use_ssl = true
  @cookies = ["selected_realm=#{@config[:realm]}"]
end

Instance Attribute Details

#config ⇒ Object (readonly)

Returns the value of attribute config.

# File 'lib/snxvpn/cli.rb', line 14

def config
  @config
end

#http ⇒ Object (readonly)

Returns the value of attribute http.

# File 'lib/snxvpn/cli.rb', line 14

def http
  @http
end

Instance Method Details

#run(retries = 10) ⇒ Object

# File 'lib/snxvpn/cli.rb', line 23

def run(retries = 10)
  # find RSA.js
  resp       = get(config[:entry_path])
  rsa_path   = resp.body.match(/<script .*?src *\= *["'](.*RSA.js)["']/).to_a[1]
  raise RetryableError, "Unable to detect a RSA.js script reference on login page" unless rsa_path

  # store paths
  login_path = resp.uri
  rsa_path   = File.expand_path(rsa_path, File.dirname(login_path))

  # fetch RSA.js and parse RSA
  rsa  = RSA.parse(get(rsa_path).body)
  raise RetryableError "Unable to detect modulus/exponent in RSA.js script" unless rsa

  # post to login
  resp = post(login_path,
    password: rsa.hex_encrypt(config[:password]),
    userName: config[:username],
    selectedRealm: config[:realm],
    loginType: config[:login_type],
    HeightData: '',
    vpid_prefix: '',
  )
  raise RetryableError, "Expected redirect to multi-challenge, but got #{resp.uri}" unless resp.uri.include?('MultiChallenge')

  # request OTP until successful
  inputs  = resp.body.scan(/<input.*?type="hidden".*?name="(username|params|HeightData)"(?:.*?value="(.+?)")?/)
  payload = Hash[inputs]
  while resp.uri.include?('MultiChallenge')
    print " + Enter one-time password: "
    otp  = gets.strip
    payload['password'] = rsa.hex_encrypt(otp)
    resp = post(resp.uri, payload)
  end

  # request extender info
  ext_info = ExtInfo.new get("/SNX/extender").body
  raise RetryableError, "Unable to retrieve extender information" if ext_info.empty?

  output, status = Open3.capture2(config[:snx_path], '-Z')
  raise RetryableError, "Unable to start snx: #{output}" unless status.success?

  Socket.tcp('127.0.0.1', 7776) do |sock|
    sock.write(ext_info.payload)
    sock.recv(4096) # read answer
    puts ' = Connected! Please leave this running to keep VPN open.'
    sock.recv(4096) # block until snx process dies
  end

  puts ' ! Connection closed. Exiting...'
rescue RetryableError
  raise if retries < 1

  puts ' ! #{e.message}. Retrying...'
  sleep 1
  run(retries - 1)
end