Partial fixes to client login env; Added missing Conn.Listener interface methods to hkex.Conn.Listener

Russ Magee 2018-01-26 16:15:39 -08:00
parent 52423b7144
commit 2b44c87815
3 changed files with 37 additions and 11 deletions


@ -1,14 +1,17 @@
Package herradurakex is a drop-in replacement for golang/pkg/net facilities
(net.Dial(), net.Listen(), net.Accept() and the net.Conn type) using the
experimental HerraduraKEx key exchange algorithm, first released at
(Omar Elejandro Herrera Reyna's github page)[github.com/Caume/HerraduraKEx].
(net.Dial(), net.Listen(), net.Accept() and the net.Conn type), yielding
'secure' sockets using the experimental HerraduraKEx key exchange algorithm
first released by (Omar Elejandro Herrera Reyna's github page)[github.com/Caume/HerraduraKEx].
One can simply replace calls to net.Dial() with hkex.Dial(), and likewise
net.Listen() with hkex.Listen(), to obtain connections (hkex.Conn) conforming
to the basic net.Conn interface. Upon Dial(), the HerraduraKEx key exchange
is initiated (whereby client and server independently derive the same
keying material) and session algorithms to be used are exchanged allowing an
encrypted channel between client and server.
keying material).
Above this layer, apps (such as the demo/server/ and demo/client code) can
then negotiate session settings (cipher/hmac algorithms, etc.) to be used
for further communication.
NOTE: Due to the experimental nature of the HerraduraKEx algorithm used to
derive crypto keying material on each end, this algorithm and the
@ -40,7 +43,7 @@ $ go build demo/client/client.go && go build demo/server/server.go
$ go build demo/hkexpasswd/hkexpasswd.go
[To set accounts & passwords]
$ sudo echo "joebloggs:*:*:*" >/etc/hkex.passwd
$ sudo echo "joebloggs:*:*:*" >/etc/hkexsh.passwd
$ sudo ./hkexpasswd -u joebloggs
[ in separate shells ]


@ -78,12 +78,27 @@ func runShellAs(who string, cmd string, interactive bool, conn hkex.Conn) (err e
fmt.Sscanf(u.Gid, "%d", &gid)
fmt.Println("uid:", uid, "gid:", gid)
// Need to clear server's env and set key vars of the
// target user. This isn't perfect (TERM doesn't seem to
// work 100%; ANSI/xterm colour isn't working even
// if we set "xterm" or "ansi" here; and line count
// reported by 'stty -a' defaults to 24 regardless
// of client shell window used to run client.
// Investigate -- rlm 2018-01-26)
os.Clearenv()
os.Setenv("HOME", u.HomeDir)
os.Setenv("TERM", "vt102") // TODO: server or client option?
var c *exec.Cmd
if interactive {
c = exec.Command("/bin/bash", "-i")
c = exec.Command("/bin/bash", "-i", "-l")
} else {
c = exec.Command("/bin/bash", "-c", cmd)
}
//If os.Clearenv() isn't called by server above these will be seen in the
//client's session env.
//c.Env = []string{"HOME=" + u.HomeDir, "SUDO_GID=", "SUDO_UID=", "SUDO_USER=", "SUDO_COMMAND=", "MAIL=", "LOGNAME="+who}
c.Dir = u.HomeDir
c.SysProcAttr = &syscall.SysProcAttr{}
c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid}
c.Stdin = conn
@ -215,14 +230,14 @@ func main() {
// Returned hopefully via an EOF or exit/logout;
// Clear current op so user can enter next, or EOF
rec.op[0] = 0
log.Println("[Command complete]")
fmt.Println("[Command complete]")
} else if rec.op[0] == 's' {
log.Println("[Running shell]")
runShellAs(string(rec.who), string(rec.cmd), true, conn)
// Returned hopefully via an EOF or exit/logout;
// Clear current op so user can enter next, or EOF
rec.op[0] = 0
log.Println("[Exiting shell]")
fmt.Println("[Exiting shell]")
} else {
log.Println("[Bad cmdSpec]")
}
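Review bot: In the runShellAs hunk, os.Clearenv() followed by os.Setenv("HOME"/"TERM") rewrites the environment of the whole server process rather than of the child, so every later session (and any session being set up concurrently in another goroutine) inherits the HOME of whichever user was set last, and anything the server itself relied on from its environment is gone after the first login. The per-command form the commented-out line already sketches is the isolated one: drop the three os.* calls and set `c.Env = []string{"HOME=" + u.HomeDir, "TERM=vt102", "LOGNAME=" + who}` after the exec.Command branch, which also retires the `//If os.Clearenv() isn't called by server above...` comment. On the context line above, `fmt.Sscanf(u.Gid, "%d", &gid)` discards its error, so a malformed Gid leaves gid at whatever it held before the call — presumably the zero value, in which case the child would be spawned with gid 0; check the return value and refuse to start the shell on failure (the uid parse, if it sits just above the hunk, deserves the same). runShellAs begins before this hunk and continues past it.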


@ -225,14 +225,22 @@ func Listen(protocol string, ipport string) (hl HKExListener, e error) {
return
}
// Close a hkex Listener
// Close a hkex Listener - closes the Listener.
// Any blocked Accept operations will be unblocked and return errors.
//
// See go doc io.Close
// See go doc net.Listener.Close
func (hl HKExListener) Close() error {
log.Println("[Listener Closed]")
return hl.l.Close()
}
// Addr returns a the listener's network address.
//
// See go doc net.Listener.Addr
func (hl HKExListener) Addr() net.Addr {
return hl.l.Addr()
}
// Accept a client connection, conforming to net.Listener.Accept()
//
// See go doc net.Listener.Accept
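Review bot: The new doc comment on Addr reads `// Addr returns a the listener's network address.` — stray article; it should be `// Addr returns the listener's network address.`. Since the point of the commit is completing the net.Listener surface, a compile-time assertion `var _ net.Listener = HKExListener{}` next to the type would turn any future drift into a build error — provided Accept (whose definition begins after this hunk) returns net.Conn, which I cannot confirm from here. Close also logs unconditionally via log.Println before delegating to hl.l.Close(); a library-level listener normally leaves that to the caller, or at most logs on the error path.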