From 16523355f3a68b80a95200555665d2f6c007e102 Mon Sep 17 00:00:00 2001
From: Chris Koeritz <fred@gruntose.com>
Date: Sun, 14 Apr 2013 11:20:35 -0400
Subject: [PATCH] probably a breaking change to move up to new abstracted
 tunneling script. the screened tunneler makes an ssh tunnel solely based on
 the command line parameters, which sounds obvious but is actually a big
 improvement.  start tunnels is now called tunnel zooty, at the moment anyway,
 and that's the user of the screened tunneler. if this works nicely, other
 tunnel scripts can also be converted.

---
 scripts/security/screened_tunneler.sh | 116 +++++++++++++++++++++++
 scripts/security/start_tunnels.sh     | 128 --------------------------
 scripts/security/tunnel_zooty.sh      |  15 +++
 3 files changed, 131 insertions(+), 128 deletions(-)
 create mode 100755 scripts/security/screened_tunneler.sh
 delete mode 100755 scripts/security/start_tunnels.sh
 create mode 100755 scripts/security/tunnel_zooty.sh

diff --git a/scripts/security/screened_tunneler.sh b/scripts/security/screened_tunneler.sh
new file mode 100755
index 00000000..8e855bff
--- /dev/null
+++ b/scripts/security/screened_tunneler.sh
@@ -0,0 +1,116 @@
+#!/bin/bash
+# this script manages one ssh tunnel inside a named 'screen' session.
+
+##############
+
+# this section scavenges and documents the command line parameters...
+
+# set this to the user and hostname that serve the tunnel on the remote
+# side.  for example: geoffrey@chaucertales.com
+TUNNEL_USER_PLUS_HOST="$1"; shift
+
+# a tunnel command for ssh that gives us a link between here and there.
+# this should be in the form:
+#   "-L ${sourcePort}:${tunnelHost}:${destinationPort}"
+# such as this example that connects a local port 12000 to the remote port
+# of 25 in order to create a tunnel for smtp traffic:
+#   "-L 12000:localhost:25"
+# other ssh commands can be used here if they are properly formatted.
+TUNNEL_LINK="$1"; shift
+
+# this variable should be set to the name for the tunnel.  one can then
+# open the tunnel screen with: screen -r -S "name"
+TUNNEL_SCREEN_NAME="$1"; shift
+
+# set this to your key file, plus the -i flag, such as: 
+#   SECURITY_KEY="-i $HOME/.ssh/id_rsa" 
+# if you do not have a special one set up or the default is fine, then just
+# pass a blank parameter (e.g. "").
+TUNNEL_SECURITY_KEY="$1"; shift
+
+# if this is set, it means we're through the script the second time, inside
+# a screen session, and we need to actually do the work now.
+LAUNCH_IT="$1"; shift
+
+##############
+
+function print_instructions()
+{
+  echo "\
+$(basename $0): This script requires at least three parameters and can\n\
+take up to five.  The parameters are (1) tunnel user at hostname, (2) ssh tunnel\n\
+link command, (3) tunnel screen name, (4) tunnel security key, (5) the launch\n\
+command 'go'.  An example command is shown below, but many more details are\n\
+explained inside this script:\n\
+  $(basename $0) "geoffrey@chaucertales.com" "-L 12000:localhost:25" \\\n\
+"tunz" "-i mykey.pem"\n\
+The fifth flag is really only needed internally, but often the other four\n\
+parameters are specified."
+}
+
+##############
+
+# make sure the required parameters are provided.
+if [ -z "$TUNNEL_USER_PLUS_HOST" -o -z "$TUNNEL_LINK" -o -z "$TUNNEL_SCREEN_NAME" ]; then
+  print_instructions
+  exit 1
+fi
+
+##############
+
+# translate command line parameters if desired.
+LAUNCHING_TUNNEL=0
+if [ "$LAUNCH_IT" == "go" ]; then
+  LAUNCHING_TUNNEL=1
+fi
+
+##############
+
+#hmmm: these variables should be configurable from plug-ins someday.
+
+TUNNEL_ALERT_SOUND=$FEISTY_MEOW_DIR/database/sounds/woouoo.wav
+if [ ! -z "$1" ]; then
+  TUNNEL_ALERT_SOUND=$1
+fi
+
+# how often to play sounds when reconnecting.
+NOISE_PERIOD=180
+
+# when we last played a sound.
+LAST_SOUND_TIME=0
+
+##############
+
+play_sound_periodically()
+{
+  CURRENT_TIME=$(date +"%s")
+  if (( $CURRENT_TIME - $LAST_SOUND_TIME >= $NOISE_PERIOD )); then
+    echo playing sound now.
+    bash $FEISTY_MEOW_SCRIPTS/multimedia/sound_play.sh $TUNNEL_ALERT_SOUND &>/dev/null </dev/null &
+    LAST_SOUND_TIME=$CURRENT_TIME
+  fi
+}
+
+##############
+
+function main_tunnely_loop()
+{
+  while true; do
+    echo "Connecting tunnel to destination..."
+    ssh -2 -N -v "$TUNNEL_LINK" "$TUNNEL_SECURITY_KEY" "$TUNNEL_USER_PLUS_HOST"
+    echo "Got dumped from tunnels; re-establishing connection."
+    play_sound_periodically
+    echo "Note: if you're being asked for a password, then you haven't provided\nan RSA key that works yet."
+    sleep 1
+  done
+}
+
+if [ $LAUNCHING_TUNNEL -eq 1 ]; then
+  # this version is already ready to tunnel already, so let's tunnel.
+  main_tunnely_loop
+  # loop does not exit on its own.
+else
+  # this version re-launches the script but tells it to start the tunnel.
+  screen -L -S "$TUNNEL_SCREEN_NAME" -d -m bash $0 "$TUNNEL_USER_PLUS_HOST" "$TUNNEL_LINK" "$TUNNEL_SCREEN_NAME" "$TUNNEL_SECURITY_KEY" go
+fi
+
diff --git a/scripts/security/start_tunnels.sh b/scripts/security/start_tunnels.sh
deleted file mode 100755
index ee00b2cc..00000000
--- a/scripts/security/start_tunnels.sh
+++ /dev/null
@@ -1,128 +0,0 @@
-#!/bin/bash
-# this script makes a tunnel for SMTP traffic and others.  a remote ssh server
-# is required.  this is especially useful for routing around firewalls using
-# a web proxy like squid.  when used for SMTP, it ensures that none of the
-# text is seen on whatever network one is on before it's sent from the remote
-# server.
-
-#hmmm:  none of the user info below will work for others: parameterize it.
-
-#hmmm: maybe we need a base function that takes all the disparate values,
-#      and this script could call it with known feisty meow settings.
-
-##############
-
-# check for parameters on the command line.
-launch_it="$1"; shift
-
-##############
-
-LAUNCHING_TUNNEL=0
-if [ "$launch_it" == "go" ]; then
-  LAUNCHING_TUNNEL=1
-fi
-
-##############
-
-# these variables are configurable from plug-ins.
-#hmmm: what?
-
-soundfile=$FEISTY_MEOW_DIR/database/sounds/woouoo.wav
-if [ ! -z "$1" ]; then
-  soundfile=$1
-fi
-
-##############
-
-# provides a list of properly formatted tunnels for ssh to create.  if this list
-# is empty, then we do nothing.
-TUNNEL_LIST=()
-
-# set this to the hostname that will be providing the tunnel.  this is
-# usually a remote system.
-TUNNEL_USER_PLUS_HOST=""
-
-# set this to your key file, plus the -i flag, such as: 
-#   SECURITY_KEY="-i $HOME/.ssh/id_rsa" 
-TUNNEL_SECURITY_KEY=""
-
-# this variable should be set to the name for the tunnel.  one can then
-# open the tunnel screen with: screen -r -S "name"
-TUNNEL_SCREEN_NAME="tunnely"
-
-# a comment for when we make the connection
-TUNNEL_COMMENT="Connecting tunnel to destination..."
-
-##############
-
-#hmmm:move to fred configs!
-TUNNEL_LIST+=(-L 14008:localhost:25)
-TUNNEL_USER_PLUS_HOST="fred@serene.feistymeow.org"
-TUNNEL_SECURITY_KEY="-i $HOME/.ssh/id_dsa_fred" 
-TUNNEL_COMMENT="Connecting sendmail to serenely zooty."
-TUNNEL_SCREEN_NAME="zooty"
-
-##############
-
-# how often to play sounds when reconnecting.
-NOISE_PERIOD=180
-
-# when we last played a sound.
-LAST_SOUND_TIME=0
-
-play_sound_periodically()
-{
-  CURRENT_TIME=$(date +"%s")
-  if (( $CURRENT_TIME - $LAST_SOUND_TIME >= $NOISE_PERIOD )); then
-    echo playing sound now.
-    bash $FEISTY_MEOW_SCRIPTS/multimedia/sound_play.sh $soundfile &>/dev/null </dev/null &
-#hmmm: parameterize this for the sound to be played.  doofus.
-    LAST_SOUND_TIME=$CURRENT_TIME
-  fi
-}
-
-##############
-
-function main_tunnely_loop()
-{
-  while true; do
-    echo "$TUNNEL_COMMENT"
-    ssh -2 -N -v ${TUNNEL_LIST[*]} "$TUNNEL_SECURITY_KEY" "$TUNNEL_USER_PLUS_HOST"
-    echo "Got dumped from tunnels; re-establishing connection."
-    play_sound_periodically
-    echo "Note: if you're being asked for a password, you haven't set up an RSA key yet."
-    sleep 1
-  done
-}
-
-# notes...
-
-#-L 8028:localhost:3128 
-
-#-L 8043:localhost:443 
-
-# ports sometimes used:
-#     25 is the sendmail tunnel.
-#   3128 is the squid proxy server.
-#    443 is the https version of squid.
-
-# ssh flags in use sometimes:
-#   -f   go into the background once connected.
-#   -2   enforce ssh version 2.
-#   -N   don't execute any command; just forward data between the ports.
-#   -L   (port:host:hostport) connect the local machine's "port" to the
-#        remote port "hostport" on the "host" specified.  the local "port"
-#        becomes an alias for the remote port.  note that the connection
-#        being made to host and hostport is from the perspective of the ssh
-#        server, not the local host.
-
-if [ $LAUNCHING_TUNNEL -eq 1 ]; then
-  # this version is already ready to tunnel already, so let's tunnel.
-  main_tunnely_loop
-  # loop does not exit on its own.
-else
-  # this version re-launches the script but tells it to start the tunnel.
-  screen -L -S "$TUNNEL_SCREEN_NAME" -d -m bash $0 go
-fi
-
-
diff --git a/scripts/security/tunnel_zooty.sh b/scripts/security/tunnel_zooty.sh
new file mode 100755
index 00000000..869370be
--- /dev/null
+++ b/scripts/security/tunnel_zooty.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+# this script makes a tunnel for fred's SMTP traffic.
+
+#hmmm: move this script to fred customized stuff
+
+TUNNEL_USER_PLUS_HOST="fred@serene.feistymeow.org"
+TUNNEL_LINK="-L 14008:localhost:25"
+TUNNEL_SCREEN_NAME="zooty"
+TUNNEL_SECURITY_KEY="-i $HOME/.ssh/id_dsa_fred" 
+
+##############
+
+bash $FEISTY_MEOW_SCRIPTS/security/screened_tunneler.sh "$TUNNEL_USER_PLUS_HOST" "$TUNNEL_LINK" "$TUNNEL_SCREEN_NAME" "$TUNNEL_SECURITY_KEY"
+
+
-- 
2.34.1