mirror of https://gogs.blitter.com/RLabs/xs
-TODO items; scrub authCookie after use
This commit is contained in:
parent
c9eb6bcb38
commit
1efc1337df
9
TODO.txt
9
TODO.txt
|
@ -11,11 +11,18 @@ Architecture
|
|||
(DONE) - Move hkexnet components other than key exchange into a proper hkex package
|
||||
(ie., hkexsh imports hkex) - hkex should be usable for other client/svr utils,
|
||||
ala 'hkex-netcat')
|
||||
(parts split out into hkexnet/*, hkexsession.go)
|
||||
- Make KEx fully-pluggable: isolate all code to do with Herradura into a
|
||||
KEx-neutral pkg so it can be swapped out for other methods (eg., DH etc.)
|
||||
|
||||
Features
|
||||
- Support for hkcp (hkex-cp) - secure file copy protocol
|
||||
(DONE) - Support for hkcp (hkex-cp) - secure file copy protocol
|
||||
- (IN PROGRESS) auth tokens to allow scripted hkexsh/hkexcp use
|
||||
* ~/.hkexsh_id file with multiple (host:token) entries
|
||||
(Currently only one supported - need to support multiple lines for
|
||||
multiple dest servers; also consider client sending host/ip used
|
||||
to connect to server, so it can ensure the auth token matches that
|
||||
used as servers can potentially be reached by multiple hostnames/IPs)
|
||||
- hktun - tunnelling - multiple tunnel sessions co-existing w/shell sessions
|
||||
|
||||
Alternate transports for hkexsh.Conn - HTTP-mimicking traffic, ICMP, ... ?
|
||||
|
|
|
@ -519,6 +519,7 @@ func main() {
|
|||
}
|
||||
|
||||
if len(authCookie) == 0 {
|
||||
//No auth token, prompt for password
|
||||
fmt.Printf("Gimme cookie:")
|
||||
ab, err := hkexsh.ReadPassword(int(os.Stdin.Fd()))
|
||||
fmt.Printf("\r\n")
|
||||
|
@ -541,6 +542,10 @@ func main() {
|
|||
_, err = conn.Write(rec.Cmd())
|
||||
_, err = conn.Write(rec.AuthCookie(true))
|
||||
|
||||
//Security scrub
|
||||
authCookie = nil
|
||||
runtime.GC()
|
||||
|
||||
// Read auth reply from server
|
||||
authReply := make([]byte, 1) // bool: 0 = fail, 1 = pass
|
||||
_, err = conn.Read(authReply)
|
||||
|
|
Loading…
Reference in New Issue