mirror of https://gogs.blitter.com/RLabs/xs
-TODO items; scrub authCookie after use
This commit is contained in:
parent
c9eb6bcb38
commit
1efc1337df
9
TODO.txt
9
TODO.txt
|
@ -11,11 +11,18 @@ Architecture
|
||||||
(DONE) - Move hkexnet components other than key exchange into a proper hkex package
|
(DONE) - Move hkexnet components other than key exchange into a proper hkex package
|
||||||
(ie., hkexsh imports hkex) - hkex should be usable for other client/svr utils,
|
(ie., hkexsh imports hkex) - hkex should be usable for other client/svr utils,
|
||||||
ala 'hkex-netcat')
|
ala 'hkex-netcat')
|
||||||
|
(parts split out into hkexnet/*, hkexsession.go)
|
||||||
- Make KEx fully-pluggable: isolate all code to do with Herradura into a
|
- Make KEx fully-pluggable: isolate all code to do with Herradura into a
|
||||||
KEx-neutral pkg so it can be swapped out for other methods (eg., DH etc.)
|
KEx-neutral pkg so it can be swapped out for other methods (eg., DH etc.)
|
||||||
|
|
||||||
Features
|
Features
|
||||||
- Support for hkcp (hkex-cp) - secure file copy protocol
|
(DONE) - Support for hkcp (hkex-cp) - secure file copy protocol
|
||||||
|
- (IN PROGRESS) auth tokens to allow scripted hkexsh/hkexcp use
|
||||||
|
* ~/.hkexsh_id file with multiple (host:token) entries
|
||||||
|
(Currently only one supported - need to support multiple lines for
|
||||||
|
multiple dest servers; also consider client sending host/ip used
|
||||||
|
to connect to server, so it can ensure the auth token matches that
|
||||||
|
used as servers can potentially be reached by multiple hostnames/IPs)
|
||||||
- hktun - tunnelling - multiple tunnel sessions co-existing w/shell sessions
|
- hktun - tunnelling - multiple tunnel sessions co-existing w/shell sessions
|
||||||
|
|
||||||
Alternate transports for hkexsh.Conn - HTTP-mimicking traffic, ICMP, ... ?
|
Alternate transports for hkexsh.Conn - HTTP-mimicking traffic, ICMP, ... ?
|
||||||
|
|
|
@ -519,6 +519,7 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(authCookie) == 0 {
|
if len(authCookie) == 0 {
|
||||||
|
//No auth token, prompt for password
|
||||||
fmt.Printf("Gimme cookie:")
|
fmt.Printf("Gimme cookie:")
|
||||||
ab, err := hkexsh.ReadPassword(int(os.Stdin.Fd()))
|
ab, err := hkexsh.ReadPassword(int(os.Stdin.Fd()))
|
||||||
fmt.Printf("\r\n")
|
fmt.Printf("\r\n")
|
||||||
|
@ -541,6 +542,10 @@ func main() {
|
||||||
_, err = conn.Write(rec.Cmd())
|
_, err = conn.Write(rec.Cmd())
|
||||||
_, err = conn.Write(rec.AuthCookie(true))
|
_, err = conn.Write(rec.AuthCookie(true))
|
||||||
|
|
||||||
|
//Security scrub
|
||||||
|
authCookie = nil
|
||||||
|
runtime.GC()
|
||||||
|
|
||||||
// Read auth reply from server
|
// Read auth reply from server
|
||||||
authReply := make([]byte, 1) // bool: 0 = fail, 1 = pass
|
authReply := make([]byte, 1) // bool: 0 = fail, 1 = pass
|
||||||
_, err = conn.Read(authReply)
|
_, err = conn.Read(authReply)
|
||||||
|
|
Loading…
Reference in New Issue