Partial fixes to client login env; Added missing Conn.Listener interface methods to hkex.Conn.Listener
parent
52423b7144
commit
2b44c87815
15
README.md
15
README.md
|
@ -1,14 +1,17 @@
|
||||||
Package herradurakex is a drop-in replacement for golang/pkg/net facilities
|
Package herradurakex is a drop-in replacement for golang/pkg/net facilities
|
||||||
(net.Dial(), net.Listen(), net.Accept() and the net.Conn type) using the
|
(net.Dial(), net.Listen(), net.Accept() and the net.Conn type), yielding
|
||||||
experimental HerraduraKEx key exchange algorithm, first released at
|
'secure' sockets using the experimental HerraduraKEx key exchange algorithm
|
||||||
(Omar Elejandro Herrera Reyna's github page)[github.com/Caume/HerraduraKEx].
|
first released by (Omar Elejandro Herrera Reyna's github page)[github.com/Caume/HerraduraKEx].
|
||||||
|
|
||||||
One can simply replace calls to net.Dial() with hkex.Dial(), and likewise
|
One can simply replace calls to net.Dial() with hkex.Dial(), and likewise
|
||||||
net.Listen() with hkex.Listen(), to obtain connections (hkex.Conn) conforming
|
net.Listen() with hkex.Listen(), to obtain connections (hkex.Conn) conforming
|
||||||
to the basic net.Conn interface. Upon Dial(), the HerraduraKEx key exchange
|
to the basic net.Conn interface. Upon Dial(), the HerraduraKEx key exchange
|
||||||
is initiated (whereby client and server independently derive the same
|
is initiated (whereby client and server independently derive the same
|
||||||
keying material) and session algorithms to be used are exchanged allowing an
|
keying material).
|
||||||
encrypted channel between client and server.
|
|
||||||
|
Above this layer, apps (such as the demo/server/ and demo/client code) can
|
||||||
|
then negotiate session settings (cipher/hmac algorithms, etc.) to be used
|
||||||
|
for further communication.
|
||||||
|
|
||||||
NOTE: Due to the experimental nature of the HerraduraKEx algorithm used to
|
NOTE: Due to the experimental nature of the HerraduraKEx algorithm used to
|
||||||
derive crypto keying material on each end, this algorithm and the
|
derive crypto keying material on each end, this algorithm and the
|
||||||
|
@ -40,7 +43,7 @@ $ go build demo/client/client.go && go build demo/server/server.go
|
||||||
$ go build demo/hkexpasswd/hkexpasswd.go
|
$ go build demo/hkexpasswd/hkexpasswd.go
|
||||||
|
|
||||||
[To set accounts & passwords]
|
[To set accounts & passwords]
|
||||||
$ sudo echo "joebloggs:*:*:*" >/etc/hkex.passwd
|
$ sudo echo "joebloggs:*:*:*" >/etc/hkexsh.passwd
|
||||||
$ sudo ./hkexpasswd -u joebloggs
|
$ sudo ./hkexpasswd -u joebloggs
|
||||||
|
|
||||||
[ in separate shells ]
|
[ in separate shells ]
|
||||||
|
|
|
@ -78,12 +78,27 @@ func runShellAs(who string, cmd string, interactive bool, conn hkex.Conn) (err e
|
||||||
fmt.Sscanf(u.Gid, "%d", &gid)
|
fmt.Sscanf(u.Gid, "%d", &gid)
|
||||||
fmt.Println("uid:", uid, "gid:", gid)
|
fmt.Println("uid:", uid, "gid:", gid)
|
||||||
|
|
||||||
|
// Need to clear server's env and set key vars of the
|
||||||
|
// target user. This isn't perfect (TERM doesn't seem to
|
||||||
|
// work 100%; ANSI/xterm colour isn't working even
|
||||||
|
// if we set "xterm" or "ansi" here; and line count
|
||||||
|
// reported by 'stty -a' defaults to 24 regardless
|
||||||
|
// of client shell window used to run client.
|
||||||
|
// Investigate -- rlm 2018-01-26)
|
||||||
|
os.Clearenv()
|
||||||
|
os.Setenv("HOME", u.HomeDir)
|
||||||
|
os.Setenv("TERM", "vt102") // TODO: server or client option?
|
||||||
|
|
||||||
var c *exec.Cmd
|
var c *exec.Cmd
|
||||||
if interactive {
|
if interactive {
|
||||||
c = exec.Command("/bin/bash", "-i")
|
c = exec.Command("/bin/bash", "-i", "-l")
|
||||||
} else {
|
} else {
|
||||||
c = exec.Command("/bin/bash", "-c", cmd)
|
c = exec.Command("/bin/bash", "-c", cmd)
|
||||||
}
|
}
|
||||||
|
//If os.Clearenv() isn't called by server above these will be seen in the
|
||||||
|
//client's session env.
|
||||||
|
//c.Env = []string{"HOME=" + u.HomeDir, "SUDO_GID=", "SUDO_UID=", "SUDO_USER=", "SUDO_COMMAND=", "MAIL=", "LOGNAME="+who}
|
||||||
|
c.Dir = u.HomeDir
|
||||||
c.SysProcAttr = &syscall.SysProcAttr{}
|
c.SysProcAttr = &syscall.SysProcAttr{}
|
||||||
c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid}
|
c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid}
|
||||||
c.Stdin = conn
|
c.Stdin = conn
|
||||||
|
@ -215,14 +230,14 @@ func main() {
|
||||||
// Returned hopefully via an EOF or exit/logout;
|
// Returned hopefully via an EOF or exit/logout;
|
||||||
// Clear current op so user can enter next, or EOF
|
// Clear current op so user can enter next, or EOF
|
||||||
rec.op[0] = 0
|
rec.op[0] = 0
|
||||||
log.Println("[Command complete]")
|
fmt.Println("[Command complete]")
|
||||||
} else if rec.op[0] == 's' {
|
} else if rec.op[0] == 's' {
|
||||||
log.Println("[Running shell]")
|
log.Println("[Running shell]")
|
||||||
runShellAs(string(rec.who), string(rec.cmd), true, conn)
|
runShellAs(string(rec.who), string(rec.cmd), true, conn)
|
||||||
// Returned hopefully via an EOF or exit/logout;
|
// Returned hopefully via an EOF or exit/logout;
|
||||||
// Clear current op so user can enter next, or EOF
|
// Clear current op so user can enter next, or EOF
|
||||||
rec.op[0] = 0
|
rec.op[0] = 0
|
||||||
log.Println("[Exiting shell]")
|
fmt.Println("[Exiting shell]")
|
||||||
} else {
|
} else {
|
||||||
log.Println("[Bad cmdSpec]")
|
log.Println("[Bad cmdSpec]")
|
||||||
}
|
}
|
||||||
|
|
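Review bot: The environment scrub added at the top of the runShellAs hunk (the `os.Clearenv()`, `os.Setenv("HOME", u.HomeDir)` and `os.Setenv("TERM", "vt102")` lines; this Go hunk is rendered under the README.md header but belongs to the server source) changes the server process's own environment, not the child's, so the effect is process-wide and permanent: every later session, and the server itself, inherits whatever the most recent caller set, and if sessions are served concurrently (not visible in this hunk) one user's HOME can end up in another user's shell. The commented-out `c.Env` line in the same hunk already shows the per-child form; setting `c.Env = []string{"HOME=" + u.HomeDir, "TERM=vt102", "LOGNAME=" + who}` after the `exec.Command` branch gives each shell its own scrubbed environment without touching the server's, and makes the "seen in the client's session env" comment moot. The two `os.Setenv` error results are also dropped. runShellAs begins and ends outside the hunk.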
12
hkexnet.go
12
hkexnet.go
|
@ -225,14 +225,22 @@ func Listen(protocol string, ipport string) (hl HKExListener, e error) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Close a hkex Listener
|
// Close a hkex Listener - closes the Listener.
|
||||||
|
// Any blocked Accept operations will be unblocked and return errors.
|
||||||
//
|
//
|
||||||
// See go doc io.Close
|
// See go doc net.Listener.Close
|
||||||
func (hl HKExListener) Close() error {
|
func (hl HKExListener) Close() error {
|
||||||
log.Println("[Listener Closed]")
|
log.Println("[Listener Closed]")
|
||||||
return hl.l.Close()
|
return hl.l.Close()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Addr returns a the listener's network address.
|
||||||
|
//
|
||||||
|
// See go doc net.Listener.Addr
|
||||||
|
func (hl HKExListener) Addr() net.Addr {
|
||||||
|
return hl.l.Addr()
|
||||||
|
}
|
||||||
|
|
||||||
// Accept a client connection, conforming to net.Listener.Accept()
|
// Accept a client connection, conforming to net.Listener.Accept()
|
||||||
//
|
//
|
||||||
// See go doc net.Listener.Accept
|
// See go doc net.Listener.Accept
|
||||||
|
|
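Review bot: The new doc comment on Addr reads `// Addr returns a the listener's network address.`; drop the stray article: `// Addr returns the listener's network address.`. Since the commit's stated purpose is to complete the net.Listener method set on HKExListener, a compile-time assertion `var _ net.Listener = HKExListener{}` placed next to the type definition (outside this hunk) would make the compiler enforce that claim instead of leaving it to the comments; the file already has net in scope, as Addr's return type is net.Addr. Close, unchanged by this commit, still logs `[Listener Closed]` before calling `hl.l.Close()`, so the message appears even when the underlying close returns an error.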