			Partial fixes to client login env; Added missing Conn.Listener interface methods to hkex.Conn.Listener
							parent
							
								
									52423b7144
								
							
						
					
					
						commit
						2b44c87815
					
				
							
								
								
									
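--- a/README.md
+++ b/README.md
@@ -1,14 +1,17 @@
 Package herradurakex is a drop-in replacement for golang/pkg/net facilities
-(net.Dial(), net.Listen(), net.Accept() and the net.Conn type) using the
-experimental HerraduraKEx key exchange algorithm, first released at
-(Omar Elejandro Herrera Reyna's github page)[github.com/Caume/HerraduraKEx].
+(net.Dial(), net.Listen(), net.Accept() and the net.Conn type), yielding
+'secure' sockets using the experimental HerraduraKEx key exchange algorithm
+first released by (Omar Elejandro Herrera Reyna's github page)[github.com/Caume/HerraduraKEx].
 
 One can simply replace calls to net.Dial() with hkex.Dial(), and likewise
 net.Listen() with hkex.Listen(), to obtain connections (hkex.Conn) conforming
 to the basic net.Conn interface. Upon Dial(), the HerraduraKEx key exchange
 is initiated (whereby client and server independently derive the same
-keying material) and session algorithms to be used are exchanged allowing an
-encrypted channel between client and server.
+keying material).
+
+Above this layer, apps (such as the demo/server/ and demo/client code) can
+then negotiate session settings (cipher/hmac algorithms, etc.) to be used
+for further communication.
 
 NOTE: Due to the experimental nature of the HerraduraKEx algorithm used to
 derive crypto keying material on each end, this algorithm and the
@@ -40,7 +43,7 @@ $ go build demo/client/client.go && go build demo/server/server.go
 $ go build demo/hkexpasswd/hkexpasswd.go
 
 [To set accounts & passwords]
-$ sudo echo "joebloggs:*:*:*" >/etc/hkex.passwd
+$ sudo echo "joebloggs:*:*:*" >/etc/hkexsh.passwd
 $ sudo ./hkexpasswd -u joebloggs
 
 [ in separate shells ]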
|  | @ -78,12 +78,27 @@ func runShellAs(who string, cmd string, interactive bool, conn hkex.Conn) (err e | ||||||
| 	fmt.Sscanf(u.Gid, "%d", &gid) | 	fmt.Sscanf(u.Gid, "%d", &gid) | ||||||
| 	fmt.Println("uid:", uid, "gid:", gid) | 	fmt.Println("uid:", uid, "gid:", gid) | ||||||
| 
 | 
 | ||||||
|  | 	// Need to clear server's env and set key vars of the
 | ||||||
|  | 	// target user. This isn't perfect (TERM doesn't seem to
 | ||||||
|  | 	// work 100%; ANSI/xterm colour isn't working even
 | ||||||
|  | 	// if we set "xterm" or "ansi" here; and line count
 | ||||||
|  | 	// reported by 'stty -a' defaults to 24 regardless
 | ||||||
|  | 	// of client shell window used to run client.
 | ||||||
|  | 	// Investigate -- rlm 2018-01-26)
 | ||||||
|  | 	os.Clearenv() | ||||||
|  | 	os.Setenv("HOME", u.HomeDir) | ||||||
|  | 	os.Setenv("TERM", "vt102") // TODO: server or client option?
 | ||||||
|  | 
 | ||||||
| 	var c *exec.Cmd | 	var c *exec.Cmd | ||||||
| 	if interactive { | 	if interactive { | ||||||
| 		c = exec.Command("/bin/bash", "-i") | 		c = exec.Command("/bin/bash", "-i", "-l") | ||||||
| 	} else { | 	} else { | ||||||
| 		c = exec.Command("/bin/bash", "-c", cmd) | 		c = exec.Command("/bin/bash", "-c", cmd) | ||||||
| 	} | 	} | ||||||
|  | 	//If os.Clearenv() isn't called by server above these will be seen in the
 | ||||||
|  | 	//client's session env.
 | ||||||
|  | 	//c.Env = []string{"HOME=" + u.HomeDir, "SUDO_GID=", "SUDO_UID=", "SUDO_USER=", "SUDO_COMMAND=", "MAIL=", "LOGNAME="+who}
 | ||||||
|  | 	c.Dir = u.HomeDir | ||||||
| 	c.SysProcAttr = &syscall.SysProcAttr{} | 	c.SysProcAttr = &syscall.SysProcAttr{} | ||||||
| 	c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid} | 	c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid} | ||||||
| 	c.Stdin = conn | 	c.Stdin = conn | ||||||
|  | @ -215,14 +230,14 @@ func main() { | ||||||
| 				// Returned hopefully via an EOF or exit/logout;
 | 				// Returned hopefully via an EOF or exit/logout;
 | ||||||
| 				// Clear current op so user can enter next, or EOF
 | 				// Clear current op so user can enter next, or EOF
 | ||||||
| 				rec.op[0] = 0 | 				rec.op[0] = 0 | ||||||
| 				log.Println("[Command complete]") | 				fmt.Println("[Command complete]") | ||||||
| 			} else if rec.op[0] == 's' { | 			} else if rec.op[0] == 's' { | ||||||
| 				log.Println("[Running shell]") | 				log.Println("[Running shell]") | ||||||
| 				runShellAs(string(rec.who), string(rec.cmd), true, conn) | 				runShellAs(string(rec.who), string(rec.cmd), true, conn) | ||||||
| 				// Returned hopefully via an EOF or exit/logout;
 | 				// Returned hopefully via an EOF or exit/logout;
 | ||||||
| 				// Clear current op so user can enter next, or EOF
 | 				// Clear current op so user can enter next, or EOF
 | ||||||
| 				rec.op[0] = 0 | 				rec.op[0] = 0 | ||||||
| 				log.Println("[Exiting shell]") | 				fmt.Println("[Exiting shell]") | ||||||
| 			} else { | 			} else { | ||||||
| 				log.Println("[Bad cmdSpec]") | 				log.Println("[Bad cmdSpec]") | ||||||
| 			} | 			} | ||||||
|  |  | ||||||
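Review bot: The `os.Clearenv()` and `os.Setenv(...)` calls added to runShellAs (hunk -78,12 +78,27) change the environment of the server process itself, not the child's, so the server's own environment is discarded for good and every later session inherits whatever HOME and TERM the previous caller set; if sessions are served concurrently, two users logging in at once can each end up with the other's HOME. The commented-out `c.Env = ...` line below the exec.Command branches shows the mechanism that avoids this: an explicit `c.Env` gives the child a fresh, minimal environment (dropping the inherited SUDO_* and MAIL variables as well) without touching the parent, e.g. `c.Env = []string{"HOME=" + u.HomeDir, "TERM=vt102", "LOGNAME=" + who}` placed right after `c` is created, with the three os.* calls removed. runShellAs begins before this hunk and continues past it, so uses of the process environment elsewhere in the function are not visible here.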
							
								
								
									
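--- a/hkexnet.go
+++ b/hkexnet.go
@@ -225,14 +225,22 @@ func Listen(protocol string, ipport string) (hl HKExListener, e error) {
 	return
 }
 
-// Close a hkex Listener
+// Close a hkex Listener - closes the Listener.
+// Any blocked Accept operations will be unblocked and return errors.
 //
-// See go doc io.Close
+// See go doc net.Listener.Close
 func (hl HKExListener) Close() error {
 	log.Println("[Listener Closed]")
 	return hl.l.Close()
 }
 
+// Addr returns a the listener's network address.
+//
+// See go doc net.Listener.Addr
+func (hl HKExListener) Addr() net.Addr {
+		return hl.l.Addr()
+}
+
 // Accept a client connection, conforming to net.Listener.Accept()
 //
 // See go doc net.Listener.Accept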
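Review bot: The doc comment on the new Addr method reads `// Addr returns a the listener's network address.` — a stray article; `// Addr returns the listener's network address.` is the intended form. Its body line `return hl.l.Addr()` is indented with two tabs where gofmt emits one, so the next gofmt run will rewrite it. The new Close comment promises that blocked Accept calls return errors; that holds for the wrapped `hl.l` (presumably a net.Listener), but HKExListener.Accept's body lies outside this hunk, so whether a key exchange already in progress there also returns on Close cannot be confirmed from the diff and is worth checking.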