Merge branch 'socket-authenticator-option' into ci-allow-local-multi-…

…build

packages/dart/noports_core/CHANGELOG.md

@@ -1,3 +1,19 @@
+# 6.0.0
+- Added ability to authenticate to the socket rendezvous, and made this the 
+  default behaviour.
+- Added ability to end-to-end encrypt all traffic via the socket rendezvous (
+  SR), and made this the default behaviour. This provides a good general defense
+  against compromise by man-in-the-middle attacks if the two ends are
+  communicating via the SR. The encryption is implemented by exchanging a 
+  symmetric key via an ephemeral encryption keypair generated by the client 
+  for every session.
+- Added ability to "ping" a daemon for info about it, including which 
+  features the daemon supports.
+- By default, sshnp now immediately drops into a prompt for clients that don't
+  support sshnp.canRunShell(). `-x` flag allows the ssh command to be output 
+  instead of executing ssh immediately.
+- Renamed everything sshrvd and sshrv to srvd and srv respectively
+
 # 5.0.4
 
 - refactor: move the `findLocalPortIfRequired` function to `EphemeralPortBinder`, a mixin on `SshnpCore`

packages/dart/noports_core/lib/src/common/default_args.dart

@@ -18,10 +18,10 @@ class DefaultArgs {
   static const bool addForwardsToTunnel = false;
   static final bool allowLocalFileSystem =
       Platform.isLinux || Platform.isMacOS || Platform.isWindows;
-  static const bool authenticateClientToRvd = false;
-  static const bool authenticateDeviceToRvd = false;
-  static const bool encryptRvdTraffic = false;
-  static const bool discoverDaemonFeatures = false;
+  static const bool authenticateClientToRvd = true;
+  static const bool authenticateDeviceToRvd = true;
+  static const bool encryptRvdTraffic = true;
+  static const bool discoverDaemonFeatures = true;
 }
 
 class DefaultSshnpArgs {

packages/dart/noports_core/lib/src/srv/srv_impl.dart

@@ -35,7 +35,7 @@ class SrvImplExec implements Srv<Process> {
   final String? sessionIVString;
 
   @visibleForTesting
-  static const completionString = 'rv is running';
+  static const completionString = 'rv started successfully';
 
   SrvImplExec(
     this.host,
@@ -220,7 +220,11 @@ class SrvImplDart implements Srv<SocketConnector> {
       }
 
       // Do not remove this output; it is specifically looked for in
-      // SrvImplExec.run
+      // [SrvImplExec.run]. Why, you ask? Well, we have to wait until the srv
+      // has fully started - i.e. on the daemon side, established two outbound
+      // sockets, and on the client side, established one outbound socket and
+      // bound to a port. Looking for specific output when the rv is ready to
+      // do its job seems to be the only way to do this.
       stderr.writeln(SrvImplExec.completionString);
 
       return socketConnector;

packages/dart/noports_core/lib/src/srvd/srvd_impl.dart

@@ -62,7 +62,12 @@ class SrvdImpl implements Srvd {
       FutureOr<AtClient> Function(SrvdParams)? atClientGenerator,
       void Function(Object, StackTrace)? usageCallback}) async {
     try {
-      var p = await SrvdParams.fromArgs(args);
+      SrvdParams p;
+      try {
+        p = await SrvdParams.fromArgs(args);
+      } on FormatException catch (e) {
+        throw ArgumentError(e.message);
+      }
 
       if (!await File(p.atKeysFilePath).exists()) {
         throw ('\n Unable to find .atKeys file : ${p.atKeysFilePath}');

packages/dart/noports_core/lib/src/sshnpd/sshnpd.dart

@@ -69,15 +69,22 @@ abstract class Sshnpd {
   /// - [SupportedSshAlgorithm.rsa]
   abstract final SupportedSshAlgorithm sshAlgorithm;
 
-  static Future<Sshnpd> fromCommandLineArgs(List<String> args,
-      {AtClient? atClient,
-      FutureOr<AtClient> Function(SshnpdParams)? atClientGenerator,
-      void Function(Object, StackTrace)? usageCallback}) async {
+  /// The version of whatever program is using this library.
+  abstract final String version;
+
+  static Future<Sshnpd> fromCommandLineArgs(
+    List<String> args, {
+    AtClient? atClient,
+    FutureOr<AtClient> Function(SshnpdParams)? atClientGenerator,
+    void Function(Object, StackTrace)? usageCallback,
+    required String version,
+  }) async {
     return SshnpdImpl.fromCommandLineArgs(
       args,
       atClient: atClient,
       atClientGenerator: atClientGenerator,
       usageCallback: usageCallback,
+      version: version,
     );
   }
 

packages/dart/noports_core/lib/src/sshnpd/sshnpd_impl.dart

@@ -61,11 +61,17 @@ class SshnpdImpl implements Sshnpd {
   @visibleForTesting
   bool initialized = false;
 
+  /// The version of whatever program is using this library.
+  @override
+  final String version;
+
   /// State variables used by [_notificationHandler]
   String _privateKey = '';
 
   static const String commandToSend = 'sshd';
 
+  late final Map<String, dynamic> pingResponse;
+
   SshnpdImpl({
     // final fields
     required this.atClient,
@@ -79,17 +85,37 @@ class SshnpdImpl implements Sshnpd {
     this.localSshdPort = DefaultArgs.localSshdPort,
     required this.ephemeralPermissions,
     required this.sshAlgorithm,
+    required this.version,
   }) {
     logger.hierarchicalLoggingEnabled = true;
     logger.logger.level = Level.SHOUT;
+
+    pingResponse = {
+      'devicename': device,
+      'version': version,
+      'corePackageVersion': packageVersion,
+      'supportedFeatures': {
+        DaemonFeatures.srAuth.name: true,
+        DaemonFeatures.srE2ee.name: true,
+        DaemonFeatures.acceptsPublicKeys.name: addSshPublicKeys,
+      },
+    };
   }
 
-  static Future<Sshnpd> fromCommandLineArgs(List<String> args,
-      {AtClient? atClient,
-      FutureOr<AtClient> Function(SshnpdParams)? atClientGenerator,
-      void Function(Object, StackTrace)? usageCallback}) async {
+  static Future<Sshnpd> fromCommandLineArgs(
+    List<String> args, {
+    AtClient? atClient,
+    FutureOr<AtClient> Function(SshnpdParams)? atClientGenerator,
+    void Function(Object, StackTrace)? usageCallback,
+    required String version,
+  }) async {
     try {
-      var p = await SshnpdParams.fromArgs(args);
+      SshnpdParams p;
+      try {
+        p = await SshnpdParams.fromArgs(args);
+      } on FormatException catch (e) {
+        throw ArgumentError(e.message);
+      }
 
       // Check atKeyFile selected exists
       if (!await File(p.atKeysFilePath).exists()) {
@@ -119,6 +145,7 @@ class SshnpdImpl implements Sshnpd {
         localSshdPort: p.localSshdPort,
         ephemeralPermissions: p.ephemeralPermissions,
         sshAlgorithm: p.sshAlgorithm,
+        version: version,
       );
 
       if (p.verbose) {
@@ -303,15 +330,6 @@ class SshnpdImpl implements Sshnpd {
         ..namespaceAware = true);
 
     /// send a heartbeat back
-    var pingResponse = {
-      'devicename': device,
-      'version': packageVersion,
-      'supportedFeatures': {
-        DaemonFeatures.srAuth.name: true,
-        DaemonFeatures.srE2ee.name: true,
-        DaemonFeatures.acceptsPublicKeys.name: addSshPublicKeys,
-      },
-    };
     unawaited(
       _notify(
         atKey: atKey,
@@ -990,10 +1008,7 @@ class SshnpdImpl implements Sshnpd {
       logger.info('Updating device info for $device');
       await atClient.put(
         atKey,
-        jsonEncode({
-          'devicename': device,
-          'version': packageVersion,
-        }),
+        jsonEncode(pingResponse),
         putRequestOptions: PutRequestOptions()..useRemoteAtServer = true,
       );
     } catch (e) {

packages/dart/noports_core/pubspec.yaml

@@ -2,7 +2,7 @@ name: noports_core
 description: Core library code for sshnoports
 homepage: https://docs.atsign.com/
 
-version: 5.1.0
+version: 6.0.0
 
 environment:
   sdk: ">=3.0.0 <4.0.0"

packages/dart/sshnoports/bin/srv.dart

@@ -3,52 +3,73 @@ import 'dart:io';
 import 'package:args/args.dart';
 import 'package:noports_core/srv.dart';
 import 'package:socket_connector/socket_connector.dart';
+import 'package:sshnoports/src/print_version.dart';
 
 Future<void> main(List<String> args) async {
   final ArgParser parser = ArgParser()
-    ..addOption('host', abbr: 'h', mandatory: true, help: 'rvd host')
-    ..addOption('port', abbr: 'p', mandatory: true, help: 'rvd port')
-    ..addOption('local-port',
+    ..addOption(
+        'host', abbr: 'h', mandatory: true, help: 'rvd host')..addOption(
+        'port', abbr: 'p', mandatory: true, help: 'rvd port')..addOption(
+        'local-port',
         defaultsTo: '22',
         help: 'Local port (usually the sshd port) to bridge to; defaults to 22')
     ..addFlag('bind-local-port',
         defaultsTo: false,
         negatable: false,
-        help: 'Set this flag when we are bridging from a local sender')
-    ..addFlag('rv-auth',
+        help: 'Set this flag when we are bridging from a local sender')..addFlag(
+        'rv-auth',
         defaultsTo: false,
-        help: 'Whether this rv process will authenticate to rvd')
-    ..addFlag('rv-e2ee',
+        help: 'Whether this rv process will authenticate to rvd')..addFlag(
+        'rv-e2ee',
         defaultsTo: false,
         help: 'Whether this rv process will encrypt/decrypt'
             ' all rvd socket traffic');
-  final parsed = parser.parse(args);
-
-  final String host = parsed['host'];
-  final int streamingPort = int.parse(parsed['port']);
-  final int localPort = int.parse(parsed['local-port']);
-  final bool bindLocalPort = parsed['bind-local-port'];
-  final bool rvAuth = parsed['rv-auth'];
-  final bool rvE2ee = parsed['rv-e2ee'];
-
-  String? rvdAuthString = rvAuth ? Platform.environment['RV_AUTH'] : null;
-  String? sessionAESKeyString = rvE2ee ? Platform.environment['RV_AES'] : null;
-  String? sessionIVString = rvE2ee ? Platform.environment['RV_IV'] : null;
-
-  SocketConnector connector = await Srv.dart(
-    host,
-    streamingPort,
-    localPort: localPort,
-    bindLocalPort: bindLocalPort,
-    rvdAuthString: rvdAuthString,
-    sessionAESKeyString: sessionAESKeyString,
-    sessionIVString: sessionIVString,
-  ).run();
-
-  /// Shut myself down once the socket connector closes
-  stderr.writeln('Waiting for connector to close');
-  await connector.done;
-
-  stderr.writeln('Closed - exiting');
-  exit(0);
+
+  try {
+    final ArgResults parsed;
+    try {
+      parsed = parser.parse(args);
+    } on FormatException catch (e) {
+      throw ArgumentError(e.message);
+    }
+
+    final String host = parsed['host'];
+    final int streamingPort = int.parse(parsed['port']);
+    final int localPort = int.parse(parsed['local-port']);
+    final bool bindLocalPort = parsed['bind-local-port'];
+    final bool rvAuth = parsed['rv-auth'];
+    final bool rvE2ee = parsed['rv-e2ee'];
+
+    String? rvdAuthString = rvAuth ? Platform.environment['RV_AUTH'] : null;
+    String? sessionAESKeyString = rvE2ee
+        ? Platform.environment['RV_AES']
+        : null;
+    String? sessionIVString = rvE2ee ? Platform.environment['RV_IV'] : null;
+
+    if (rvAuth && (rvdAuthString ?? '').isEmpty) {
+      throw ArgumentError(
+          '--rv-auth required, but RV_AUTH is not in environment');
+    }
+    SocketConnector connector = await Srv.dart(
+      host,
+      streamingPort,
+      localPort: localPort,
+      bindLocalPort: bindLocalPort,
+      rvdAuthString: rvdAuthString,
+      sessionAESKeyString: sessionAESKeyString,
+      sessionIVString: sessionIVString,
+    ).run();
+
+    /// Shut myself down once the socket connector closes
+    stderr.writeln('Waiting for connector to close');
+    await connector.done;
+
+    stderr.writeln('Closed - exiting');
+    exit(0);
+  } on ArgumentError catch (e) {
+    printVersion();
+    stderr.writeln(parser.usage);
+    stderr.writeln('\n$e');
+    exit(1);
+  }
 }

packages/dart/sshnoports/bin/srvd.dart

@@ -23,7 +23,7 @@ void main(List<String> args) async {
       ),
       usageCallback: (e, s) {
         printVersion();
-        stdout.writeln(SrvdParams.parser.usage);
+        stderr.writeln(SrvdParams.parser.usage);
         stderr.writeln('\n$e');
       },
     );

packages/dart/sshnoports/bin/sshnpd.dart

@@ -4,6 +4,7 @@ import 'package:at_utils/at_logger.dart';
 import 'package:noports_core/sshnpd.dart';
 import 'package:sshnoports/src/create_at_client_cli.dart';
 import 'package:sshnoports/src/print_version.dart';
+import 'package:sshnoports/src/version.dart';
 
 void main(List<String> args) async {
   AtSignLogger.root_level = 'SHOUT';
@@ -22,9 +23,10 @@ void main(List<String> args) async {
       ),
       usageCallback: (e, s) {
         printVersion();
-        stdout.writeln(SshnpdParams.parser.usage);
+        stderr.writeln(SshnpdParams.parser.usage);
         stderr.writeln('\n$e');
       },
+      version: packageVersion,
     );
   } on ArgumentError catch (_) {
     exit(1);

packages/dart/sshnoports/lib/src/print_devices.dart

@@ -24,6 +24,6 @@ void printDeviceList(Iterable<String> devices, Map<String, dynamic> info) {
     return;
   }
   for (var device in devices) {
-    stderr.writeln('  $device - v${info[device]?['version']}');
+    stderr.writeln('  $device - v${info[device]?['version']} (core v${info[device]?['corePackageVersion']})');
   }
 }

packages/dart/sshnoports/lib/src/print_version.dart

@@ -4,5 +4,5 @@ import 'package:sshnoports/src/version.dart';
 
 /// Print version number
 void printVersion() {
-  stdout.writeln('Version : $packageVersion');
+  stderr.writeln('Version : $packageVersion');
 }

packages/dart/sshnoports/pubspec.lock

@@ -575,7 +575,7 @@ packages:
       path: "../noports_core"
       relative: true
     source: path
-    version: "5.1.0"
+    version: "6.0.0"
   openssh_ed25519:
     dependency: transitive
     description:

packages/dart/sshnoports/pubspec.yaml

@@ -1,13 +1,13 @@
 name: sshnoports
 publish_to: none
 
-version: 4.1.0
+version: 5.0.0
 
 environment:
   sdk: ">=3.0.0 <4.0.0"
 
 dependencies:
-  noports_core: 5.1.0
+  noports_core: 6.0.0
   at_onboarding_cli: 1.4.1
   args: 2.4.2
   socket_connector: ^2.0.1