From 2b44c878151f628449e7baf6244350aea7524a78 Mon Sep 17 00:00:00 2001 From: Russ Magee Date: Fri, 26 Jan 2018 16:15:39 -0800 Subject: [PATCH] Partial fixes to client login env; Added missing Conn.Listener interface methods to hkex.Conn.Listener --- README.md | 15 +++++++++------ demo/server/server.go | 21 ++++++++++++++++++--- hkexnet.go | 12 ++++++++++-- 3 files changed, 37 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index ddf782c..c59da2a 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,17 @@ Package herradurakex is a drop-in replacement for golang/pkg/net facilities -(net.Dial(), net.Listen(), net.Accept() and the net.Conn type) using the -experimental HerraduraKEx key exchange algorithm, first released at -(Omar Elejandro Herrera Reyna's github page)[github.com/Caume/HerraduraKEx]. +(net.Dial(), net.Listen(), net.Accept() and the net.Conn type), yielding +'secure' sockets using the experimental HerraduraKEx key exchange algorithm +first released by (Omar Elejandro Herrera Reyna's github page)[github.com/Caume/HerraduraKEx]. One can simply replace calls to net.Dial() with hkex.Dial(), and likewise net.Listen() with hkex.Listen(), to obtain connections (hkex.Conn) conforming to the basic net.Conn interface. Upon Dial(), the HerraduraKEx key exchange is initiated (whereby client and server independently derive the same -keying material) and session algorithms to be used are exchanged allowing an -encrypted channel between client and server. +keying material). + +Above this layer, apps (such as the demo/server/ and demo/client code) can +then negotiate session settings (cipher/hmac algorithms, etc.) to be used +for further communication. NOTE: Due to the experimental nature of the HerraduraKEx algorithm used to derive crypto keying material on each end, this algorithm and the 
@@ -40,7 +43,7 @@ $ go build demo/client/client.go && go build demo/server/server.go
 $ go build demo/hkexpasswd/hkexpasswd.go
 
 [To set accounts & passwords]
-$ sudo echo "joebloggs:*:*:*" >/etc/hkex.passwd
+$ sudo echo "joebloggs:*:*:*" >/etc/hkexsh.passwd
 $ sudo ./hkexpasswd -u joebloggs
 
 [ in separate shells ]
diff --git a/demo/server/server.go b/demo/server/server.go
index b8f05da..84bef2a 100644
--- a/demo/server/server.go
+++ b/demo/server/server.go
@@ -78,12 +78,27 @@ func runShellAs(who string, cmd string, interactive bool, conn hkex.Conn) (err e
 fmt.Sscanf(u.Gid, "%d", &gid)
 fmt.Println("uid:", uid, "gid:", gid)
+ // Need to clear server's env and set key vars of the
+ // target user. This isn't perfect (TERM doesn't seem to
+ // work 100%; ANSI/xterm colour isn't working even
+ // if we set "xterm" or "ansi" here; and line count
+ // reported by 'stty -a' defaults to 24 regardless
+ // of client shell window used to run client.
+ // Investigate -- rlm 2018-01-26)
+ os.Clearenv()
+ os.Setenv("HOME", u.HomeDir)
+ os.Setenv("TERM", "vt102") // TODO: server or client option?
+
 var c *exec.Cmd
 if interactive {
- c = exec.Command("/bin/bash", "-i")
+ c = exec.Command("/bin/bash", "-i", "-l")
 } else {
 c = exec.Command("/bin/bash", "-c", cmd)
 }
+ //If os.Clearenv() isn't called by server above these will be seen in the
+ //client's session env.
+ //c.Env = []string{"HOME=" + u.HomeDir, "SUDO_GID=", "SUDO_UID=", "SUDO_USER=", "SUDO_COMMAND=", "MAIL=", "LOGNAME="+who}
+
 c.Dir = u.HomeDir
 c.SysProcAttr = &syscall.SysProcAttr{}
 c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid}
 c.Stdin = conn
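Review bot: The `os.Clearenv()` and the two `os.Setenv` calls added just before `var c *exec.Cmd` rewrite the server process's own environment rather than the child's, so every later session inherits whatever the most recent call set, sessions race on HOME/TERM if connections are served concurrently (the accept loop is outside this hunk, so I can't tell), and anything the server itself needed from its environment is gone for the rest of its lifetime. exec.Cmd already gives per-child isolation: a non-nil `c.Env` is used verbatim as the child's environment, which is exactly the shape of the commented-out `c.Env = ...` line this hunk adds, and it also avoids the ignored `os.Setenv` error returns. I would delete the three `os.*` lines and set, next to `c.Dir = u.HomeDir`, `c.Env = []string{"HOME=" + u.HomeDir, "TERM=vt102"}` (adding LOGNAME/USER for `who` if the login shell needs them). runShellAs begins before this hunk.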
@@ -215,14 +230,14 @@ func main() {
 // Returned hopefully via an EOF or exit/logout;
 // Clear current op so user can enter next, or EOF
 rec.op[0] = 0
- log.Println("[Command complete]")
+ fmt.Println("[Command complete]")
 } else if rec.op[0] == 's' {
 log.Println("[Running shell]")
 runShellAs(string(rec.who), string(rec.cmd), true, conn)
 // Returned hopefully via an EOF or exit/logout;
 // Clear current op so user can enter next, or EOF
 rec.op[0] = 0
- log.Println("[Exiting shell]")
+ fmt.Println("[Exiting shell]")
 } else {
 log.Println("[Bad cmdSpec]")
 }
diff --git a/hkexnet.go b/hkexnet.go
index 9fdd27f..4938fef 100644
--- a/hkexnet.go
+++ b/hkexnet.go
@@ -225,14 +225,22 @@ func Listen(protocol string, ipport string) (hl HKExListener, e error) {
 return
 }
 
-// Close a hkex Listener
+// Close a hkex Listener - closes the Listener.
+// Any blocked Accept operations will be unblocked and return errors.
 //
-// See go doc io.Close
+// See go doc net.Listener.Close
 func (hl HKExListener) Close() error {
 log.Println("[Listener Closed]")
 return hl.l.Close()
 }
 
+// Addr returns a the listener's network address.
+//
+// See go doc net.Listener.Addr
+func (hl HKExListener) Addr() net.Addr {
+ return hl.l.Addr()
+}
+
 // Accept a client connection, conforming to net.Listener.Accept()
 //
 // See go doc net.Listener.Accept
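Review bot: The two changed lines send "[Command complete]" and "[Exiting shell]" to stdout through `fmt.Println`, while the paired "[Running shell]" and "[Bad cmdSpec]" lines in the same branch still go through `log.Println` to stderr with a timestamp, so a session's start and end now land on different streams with only one of them timestamped. For a server that spawns shells as other users that begin/end pair is the audit trail worth keeping together; I would keep `log.Println("[Command complete]")` and `log.Println("[Exiting shell]")`, or move all four messages to one logger. If the intent was to keep these out of the log, a one-line comment saying so would spare the next reader the same question. main() starts and ends outside this hunk.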
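Review bot: The new doc comment on Addr has a stray article, `// Addr returns a the listener's network address.`; it should read `// Addr returns the listener's network address.`. Since this commit's purpose is to complete the net.Listener method set, a compile-time assertion next to the type, `var _ net.Listener = HKExListener{}`, would pin that: it compiles only if Accept's signature (outside this hunk) also matches net.Listener's, and otherwise fails naming the remaining gap. The added Close comment restates net.Listener's "blocked Accept operations will be unblocked" guarantee, which holds only if the wrapped `hl.l` is itself a net.Listener; its field type is not visible here, so that is worth confirming before promising it.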