mirror of https://gogs.blitter.com/RLabs/xs
Work on setup for tunnels
Signed-off-by: Russ Magee <rmagee@gmail.com>
This commit is contained in:
parent
48b0c41f62
commit
1e6da733a2
|
@ -92,9 +92,9 @@ type (
|
||||||
|
|
||||||
// TunEndpoint [securePort:peer:dataPort]
|
// TunEndpoint [securePort:peer:dataPort]
|
||||||
TunEndpoint struct {
|
TunEndpoint struct {
|
||||||
tunPort uint16
|
TunPort uint16
|
||||||
peer net.Addr
|
Peer string //net.Addr
|
||||||
dataPort uint16
|
DataPort uint16
|
||||||
}
|
}
|
||||||
|
|
||||||
// Conn is a connection wrapping net.Conn with KEX & session state
|
// Conn is a connection wrapping net.Conn with KEX & session state
|
||||||
|
@ -110,6 +110,8 @@ type (
|
||||||
|
|
||||||
chaff ChaffConfig
|
chaff ChaffConfig
|
||||||
|
|
||||||
|
tuns []TunEndpoint
|
||||||
|
|
||||||
closeStat *CSOType // close status (CSOExitStatus)
|
closeStat *CSOType // close status (CSOExitStatus)
|
||||||
r cipher.Stream //read cipherStream
|
r cipher.Stream //read cipherStream
|
||||||
rm hash.Hash
|
rm hash.Hash
|
||||||
|
@ -123,6 +125,11 @@ var (
|
||||||
Log *logger.Writer // reg. syslog output (no -d)
|
Log *logger.Writer // reg. syslog output (no -d)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// Return string (suitable as map key) for a tunnel endpoint
|
||||||
|
func (t *TunEndpoint) String() string {
|
||||||
|
return fmt.Sprintf("[%d:%s:%d]", t.DataPort, t.Peer, t.TunPort)
|
||||||
|
}
|
||||||
|
|
||||||
func _initLogging(d bool, c string, f logger.Priority) {
|
func _initLogging(d bool, c string, f logger.Priority) {
|
||||||
if Log == nil {
|
if Log == nil {
|
||||||
Log, _ = logger.New(f, fmt.Sprintf("%s:hkexnet", c))
|
Log, _ = logger.New(f, fmt.Sprintf("%s:hkexnet", c))
|
||||||
|
@ -814,7 +821,14 @@ func (hc Conn) Read(b []byte) (n int, err error) {
|
||||||
}
|
}
|
||||||
hc.Close()
|
hc.Close()
|
||||||
} else if ctrlStatOp == CSOTunReq {
|
} else if ctrlStatOp == CSOTunReq {
|
||||||
Log.Notice("[Client Tunnel Open Request - TODO]\n")
|
// This should ONLY be sent from client -> server!
|
||||||
|
// TODO: Hmm. should this package (hkexnet) take a 'server'/'client' context
|
||||||
|
// in order to know how to handle mis-uses?
|
||||||
|
addrs, _ := net.InterfaceAddrs()
|
||||||
|
t := TunEndpoint{Peer: addrs[0].String()}
|
||||||
|
t.TunPort = binary.BigEndian.Uint16(payloadBytes)
|
||||||
|
//fmt.Sscanf(string(payloadBytes), "%d", &t.tunPort)
|
||||||
|
Log.Notice(fmt.Sprintf("[TODO: Client Tunnel Open Request - traffic for server %s, port %d]\n", t.Peer, t.TunPort))
|
||||||
} else if ctrlStatOp == CSOTunAck {
|
} else if ctrlStatOp == CSOTunAck {
|
||||||
Log.Notice("[Server Tunnel Open Ack - TODO]\n")
|
Log.Notice("[Server Tunnel Open Ack - TODO]\n")
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -16,6 +16,7 @@ import (
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"log"
|
"log"
|
||||||
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
"os/user"
|
"os/user"
|
||||||
|
@ -28,8 +29,8 @@ import (
|
||||||
|
|
||||||
hkexsh "blitter.com/go/hkexsh"
|
hkexsh "blitter.com/go/hkexsh"
|
||||||
"blitter.com/go/hkexsh/hkexnet"
|
"blitter.com/go/hkexsh/hkexnet"
|
||||||
"blitter.com/go/hkexsh/spinsult"
|
|
||||||
"blitter.com/go/hkexsh/logger"
|
"blitter.com/go/hkexsh/logger"
|
||||||
|
"blitter.com/go/hkexsh/spinsult"
|
||||||
isatty "github.com/mattn/go-isatty"
|
isatty "github.com/mattn/go-isatty"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -336,6 +337,15 @@ func rejectUserMsg() string {
|
||||||
return "Begone, " + spinsult.GetSentence() + "\r\n"
|
return "Begone, " + spinsult.GetSentence() + "\r\n"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func requestTunnel(c *hkexnet.Conn, dp uint16, p string /*net.Addr*/, tp uint16) (t hkexnet.TunEndpoint) {
|
||||||
|
t = hkexnet.TunEndpoint{DataPort: dp, Peer: p, TunPort: tp}
|
||||||
|
var bTmp bytes.Buffer
|
||||||
|
binary.Write(&bTmp, binary.BigEndian, t.DataPort)
|
||||||
|
c.WritePacket(bTmp.Bytes(), hkexnet.CSOTunReq)
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
// hkexsh - a client for secure shell and file copy operations.
|
// hkexsh - a client for secure shell and file copy operations.
|
||||||
//
|
//
|
||||||
// While conforming to the basic net.Conn interface HKex.Conn has extra
|
// While conforming to the basic net.Conn interface HKex.Conn has extra
|
||||||
|
@ -359,6 +369,7 @@ func main() {
|
||||||
var server string
|
var server string
|
||||||
var port uint
|
var port uint
|
||||||
var cmdStr string
|
var cmdStr string
|
||||||
|
var tunSpecStr string // lport1:rport1[,lport2:rport2,...]
|
||||||
|
|
||||||
var copySrc []byte
|
var copySrc []byte
|
||||||
var copyDst string
|
var copyDst string
|
||||||
|
@ -380,9 +391,9 @@ func main() {
|
||||||
flag.UintVar(&port, "p", 2000, "`port`")
|
flag.UintVar(&port, "p", 2000, "`port`")
|
||||||
//flag.StringVar(&authCookie, "a", "", "auth cookie")
|
//flag.StringVar(&authCookie, "a", "", "auth cookie")
|
||||||
flag.BoolVar(&chaffEnabled, "e", true, "enabled chaff pkts (default true)")
|
flag.BoolVar(&chaffEnabled, "e", true, "enabled chaff pkts (default true)")
|
||||||
flag.UintVar(&chaffFreqMin, "f", 100, "chaff pkt `freq` min (msecs)")
|
flag.UintVar(&chaffFreqMin, "f", 100, "`msecs-min` chaff pkt freq min (msecs)")
|
||||||
flag.UintVar(&chaffFreqMax, "F", 5000, "chaff pkt `freq` max (msecs)")
|
flag.UintVar(&chaffFreqMax, "F", 5000, "`msecs-max` chaff pkt freq max (msecs)")
|
||||||
flag.UintVar(&chaffBytesMax, "B", 64, "chaff pkt `size` max (bytes)")
|
flag.UintVar(&chaffBytesMax, "B", 64, "chaff pkt size max (bytes)")
|
||||||
|
|
||||||
// Find out what program we are (shell or copier)
|
// Find out what program we are (shell or copier)
|
||||||
myPath := strings.Split(os.Args[0], string(os.PathSeparator))
|
myPath := strings.Split(os.Args[0], string(os.PathSeparator))
|
||||||
|
@ -390,6 +401,7 @@ func main() {
|
||||||
// hkexsh accepts a command (-x) but not
|
// hkexsh accepts a command (-x) but not
|
||||||
// a srcpath (-r) or dstpath (-t)
|
// a srcpath (-r) or dstpath (-t)
|
||||||
flag.StringVar(&cmdStr, "x", "", "`command` to run (if not specified run interactive shell)")
|
flag.StringVar(&cmdStr, "x", "", "`command` to run (if not specified run interactive shell)")
|
||||||
|
flag.StringVar(&tunSpecStr, "t", "", "`tunnelspec` localPort:remotePort[,localPort:remotePort,...]")
|
||||||
flag.BoolVar(&gopt, "g", false, "ask server to generate authtoken")
|
flag.BoolVar(&gopt, "g", false, "ask server to generate authtoken")
|
||||||
shellMode = true
|
shellMode = true
|
||||||
flag.Usage = UsageShell
|
flag.Usage = UsageShell
|
||||||
|
@ -613,12 +625,24 @@ func main() {
|
||||||
// Set up chaffing to server
|
// Set up chaffing to server
|
||||||
conn.SetupChaff(chaffFreqMin, chaffFreqMax, chaffBytesMax) // enable client->server chaffing
|
conn.SetupChaff(chaffFreqMin, chaffFreqMax, chaffBytesMax) // enable client->server chaffing
|
||||||
if chaffEnabled {
|
if chaffEnabled {
|
||||||
conn.EnableChaff()
|
conn.EnableChaff() // goroutine, returns immediately
|
||||||
defer conn.DisableChaff()
|
defer conn.DisableChaff()
|
||||||
defer conn.ShutdownChaff()
|
defer conn.ShutdownChaff()
|
||||||
}
|
}
|
||||||
|
|
||||||
if shellMode {
|
if shellMode {
|
||||||
|
// TODO: tunnel setup would be here or within doShellMode()
|
||||||
|
|
||||||
|
// TESTING - tunnel
|
||||||
|
remAddrs, _ := net.LookupHost(remoteHost)
|
||||||
|
t := requestTunnel(&conn, 6001, remAddrs[0], 7001)
|
||||||
|
_ = t
|
||||||
|
//t := hkexnet.TunEndpoint{DataPort: 6001, Peer: nil, TunPort: 7001}
|
||||||
|
//var bTmp bytes.Buffer
|
||||||
|
//binary.Write(&bTmp, binary.BigEndian, t.DataPort)
|
||||||
|
//conn.WritePacket(bTmp.Bytes(), hkexnet.CSOTunReq)
|
||||||
|
// END TESTING - tunnel
|
||||||
|
|
||||||
doShellMode(isInteractive, &conn, oldState, rec)
|
doShellMode(isInteractive, &conn, oldState, rec)
|
||||||
} else { // copyMode
|
} else { // copyMode
|
||||||
_, s := doCopyMode(&conn, pathIsDest, fileArgs, rec)
|
_, s := doCopyMode(&conn, pathIsDest, fileArgs, rec)
|
||||||
|
|
Loading…
Reference in New Issue