mirror of https://gogs.blitter.com/RLabs/xs
golint cleanup
parent
3325bb3a4e
commit
bd0b48d98f
168
xsd/xsd.go
168
xsd/xsd.go
|
@ -16,7 +16,6 @@ import (
|
||||||
"flag"
|
"flag"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
"os/exec"
|
"os/exec"
|
||||||
|
@ -47,6 +46,11 @@ var (
|
||||||
Log *logger.Writer
|
Log *logger.Writer
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
AuthTokenLen = 64
|
||||||
|
LoginTimeoutSecs = 30
|
||||||
|
)
|
||||||
|
|
||||||
func ioctl(fd, request, argp uintptr) error {
|
func ioctl(fd, request, argp uintptr) error {
|
||||||
if _, _, e := syscall.Syscall6(syscall.SYS_IOCTL, fd, request, argp, 0, 0, 0); e != 0 {
|
if _, _, e := syscall.Syscall6(syscall.SYS_IOCTL, fd, request, argp, 0, 0, 0); e != 0 {
|
||||||
return e
|
return e
|
||||||
|
@ -66,10 +70,10 @@ func ptsName(fd uintptr) (string, error) {
|
||||||
/* -------------------------------------------------------------- */
|
/* -------------------------------------------------------------- */
|
||||||
// Perform a client->server copy
|
// Perform a client->server copy
|
||||||
func runClientToServerCopyAs(who, ttype string, conn *xsnet.Conn, fpath string, chaffing bool) (exitStatus uint32, err error) {
|
func runClientToServerCopyAs(who, ttype string, conn *xsnet.Conn, fpath string, chaffing bool) (exitStatus uint32, err error) {
|
||||||
u, _ := user.Lookup(who) // nolint: gosec
|
u, _ := user.Lookup(who)
|
||||||
var uid, gid uint32
|
var uid, gid uint32
|
||||||
fmt.Sscanf(u.Uid, "%d", &uid) // nolint: gosec,errcheck
|
fmt.Sscanf(u.Uid, "%d", &uid)
|
||||||
fmt.Sscanf(u.Gid, "%d", &gid) // nolint: gosec,errcheck
|
fmt.Sscanf(u.Gid, "%d", &gid)
|
||||||
log.Println("uid:", uid, "gid:", gid)
|
log.Println("uid:", uid, "gid:", gid)
|
||||||
|
|
||||||
// Need to clear server's env and set key vars of the
|
// Need to clear server's env and set key vars of the
|
||||||
|
@ -80,9 +84,9 @@ func runClientToServerCopyAs(who, ttype string, conn *xsnet.Conn, fpath string,
|
||||||
// of client shell window used to run client.
|
// of client shell window used to run client.
|
||||||
// Investigate -- rlm 2018-01-26)
|
// Investigate -- rlm 2018-01-26)
|
||||||
os.Clearenv()
|
os.Clearenv()
|
||||||
os.Setenv("HOME", u.HomeDir) // nolint: gosec,errcheck
|
os.Setenv("HOME", u.HomeDir)
|
||||||
os.Setenv("TERM", ttype) // nolint: gosec,errcheck
|
os.Setenv("TERM", ttype)
|
||||||
os.Setenv("XS_SESSION", "1") // nolint: gosec,errcheck
|
os.Setenv("XS_SESSION", "1")
|
||||||
|
|
||||||
var c *exec.Cmd
|
var c *exec.Cmd
|
||||||
cmdName := xs.GetTool("tar")
|
cmdName := xs.GetTool("tar")
|
||||||
|
@ -101,7 +105,7 @@ func runClientToServerCopyAs(who, ttype string, conn *xsnet.Conn, fpath string,
|
||||||
// (as this isn't input from a shell) (right? -rlm 20180823)
|
// (as this isn't input from a shell) (right? -rlm 20180823)
|
||||||
//cmdArgs := []string{"-x", "-C", destDir, `--xform=s#.*/\(.*\)#\1#`}
|
//cmdArgs := []string{"-x", "-C", destDir, `--xform=s#.*/\(.*\)#\1#`}
|
||||||
fmt.Println(cmdName, cmdArgs)
|
fmt.Println(cmdName, cmdArgs)
|
||||||
c = exec.Command(cmdName, cmdArgs...) // nolint: gosec
|
c = exec.Command(cmdName, cmdArgs...)
|
||||||
|
|
||||||
c.Dir = destDir
|
c.Dir = destDir
|
||||||
|
|
||||||
|
@ -173,8 +177,8 @@ func runServerToClientCopyAs(who, ttype string, conn *xsnet.Conn, srcPath string
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var uid, gid uint32
|
var uid, gid uint32
|
||||||
_, _ = fmt.Sscanf(u.Uid, "%d", &uid) // nolint: gosec
|
_, _ = fmt.Sscanf(u.Uid, "%d", &uid)
|
||||||
_, _ = fmt.Sscanf(u.Gid, "%d", &gid) // nolint: gosec
|
_, _ = fmt.Sscanf(u.Gid, "%d", &gid)
|
||||||
log.Println("uid:", uid, "gid:", gid)
|
log.Println("uid:", uid, "gid:", gid)
|
||||||
|
|
||||||
// Need to clear server's env and set key vars of the
|
// Need to clear server's env and set key vars of the
|
||||||
|
@ -185,9 +189,9 @@ func runServerToClientCopyAs(who, ttype string, conn *xsnet.Conn, srcPath string
|
||||||
// of client shell window used to run client.
|
// of client shell window used to run client.
|
||||||
// Investigate -- rlm 2018-01-26)
|
// Investigate -- rlm 2018-01-26)
|
||||||
os.Clearenv()
|
os.Clearenv()
|
||||||
_ = os.Setenv("HOME", u.HomeDir) // nolint: gosec
|
_ = os.Setenv("HOME", u.HomeDir)
|
||||||
_ = os.Setenv("TERM", ttype) // nolint: gosec
|
_ = os.Setenv("TERM", ttype)
|
||||||
_ = os.Setenv("XS_SESSION", "1") // nolint: gosec
|
_ = os.Setenv("XS_SESSION", "1")
|
||||||
|
|
||||||
var c *exec.Cmd
|
var c *exec.Cmd
|
||||||
cmdName := xs.GetTool("tar")
|
cmdName := xs.GetTool("tar")
|
||||||
|
@ -198,7 +202,7 @@ func runServerToClientCopyAs(who, ttype string, conn *xsnet.Conn, srcPath string
|
||||||
srcDir, srcBase := path.Split(srcPath)
|
srcDir, srcBase := path.Split(srcPath)
|
||||||
cmdArgs := []string{"-cz", "-C", srcDir, "-f", "-", srcBase}
|
cmdArgs := []string{"-cz", "-C", srcDir, "-f", "-", srcBase}
|
||||||
|
|
||||||
c = exec.Command(cmdName, cmdArgs...) // nolint: gosec
|
c = exec.Command(cmdName, cmdArgs...)
|
||||||
|
|
||||||
//If os.Clearenv() isn't called by server above these will be seen in the
|
//If os.Clearenv() isn't called by server above these will be seen in the
|
||||||
//client's session env.
|
//client's session env.
|
||||||
|
@ -252,11 +256,10 @@ func runServerToClientCopyAs(who, ttype string, conn *xsnet.Conn, srcPath string
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
// Run a command (via default shell) as a specific user
|
// Run a command (via default shell) as a specific user. Uses
|
||||||
//
|
// ptys to support commands which expect a terminal. //nolint:gofmt
|
||||||
// Uses ptys to support commands which expect a terminal.
|
func runShellAs(who, hname, ttype, cmd string, interactive bool, //nolint:funlen
|
||||||
// nolint: gocyclo
|
conn *xsnet.Conn, chaffing bool) (exitStatus uint32, err error) {
|
||||||
func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *xsnet.Conn, chaffing bool) (exitStatus uint32, err error) {
|
|
||||||
var wg sync.WaitGroup
|
var wg sync.WaitGroup
|
||||||
u, err := user.Lookup(who)
|
u, err := user.Lookup(who)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -264,8 +267,8 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *xsnet.Con
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
var uid, gid uint32
|
var uid, gid uint32
|
||||||
_, _ = fmt.Sscanf(u.Uid, "%d", &uid) // nolint: gosec
|
_, _ = fmt.Sscanf(u.Uid, "%d", &uid)
|
||||||
_, _ = fmt.Sscanf(u.Gid, "%d", &gid) // nolint: gosec
|
_, _ = fmt.Sscanf(u.Gid, "%d", &gid)
|
||||||
log.Println("uid:", uid, "gid:", gid)
|
log.Println("uid:", uid, "gid:", gid)
|
||||||
|
|
||||||
// Need to clear server's env and set key vars of the
|
// Need to clear server's env and set key vars of the
|
||||||
|
@ -276,9 +279,9 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *xsnet.Con
|
||||||
// of client shell window used to run client.
|
// of client shell window used to run client.
|
||||||
// Investigate -- rlm 2018-01-26)
|
// Investigate -- rlm 2018-01-26)
|
||||||
os.Clearenv()
|
os.Clearenv()
|
||||||
_ = os.Setenv("HOME", u.HomeDir) // nolint: gosec
|
_ = os.Setenv("HOME", u.HomeDir)
|
||||||
_ = os.Setenv("TERM", ttype) // nolint: gosec
|
_ = os.Setenv("TERM", ttype)
|
||||||
_ = os.Setenv("XS_SESSION", "1") // nolint: gosec
|
_ = os.Setenv("XS_SESSION", "1")
|
||||||
|
|
||||||
var c *exec.Cmd
|
var c *exec.Cmd
|
||||||
|
|
||||||
|
@ -294,18 +297,18 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *xsnet.Con
|
||||||
// automagically, at the cost of another external tool
|
// automagically, at the cost of another external tool
|
||||||
// dependency.
|
// dependency.
|
||||||
//
|
//
|
||||||
c = exec.Command(xs.GetTool("login"), "-f", "-p", who) // nolint: gosec
|
c = exec.Command(xs.GetTool("login"), "-f", "-p", who) //nolint:gosec
|
||||||
} else {
|
} else {
|
||||||
// Using our separate login via local passwd file
|
// Using our separate login via local passwd file
|
||||||
//
|
//
|
||||||
// Note we must drop privs ourselves for the user shell
|
// Note we must drop privs ourselves for the user shell
|
||||||
//
|
//
|
||||||
c = exec.Command(xs.GetTool("bash"), "-i", "-l") // nolint: gosec
|
c = exec.Command(xs.GetTool("bash"), "-i", "-l") //nolint:gosec
|
||||||
c.SysProcAttr = &syscall.SysProcAttr{}
|
c.SysProcAttr = &syscall.SysProcAttr{}
|
||||||
c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid}
|
c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
c = exec.Command(xs.GetTool("bash"), "-c", cmd) // nolint: gosec
|
c = exec.Command(xs.GetTool("bash"), "-c", cmd) //nolint:gosec
|
||||||
c.SysProcAttr = &syscall.SysProcAttr{}
|
c.SysProcAttr = &syscall.SysProcAttr{}
|
||||||
c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid}
|
c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid}
|
||||||
}
|
}
|
||||||
|
@ -325,7 +328,7 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *xsnet.Con
|
||||||
defer func() {
|
defer func() {
|
||||||
//logger.LogDebug(fmt.Sprintf("[Exited process was %d]", c.Process.Pid))
|
//logger.LogDebug(fmt.Sprintf("[Exited process was %d]", c.Process.Pid))
|
||||||
_ = ptmx.Close()
|
_ = ptmx.Close()
|
||||||
}() // nolint: gosec
|
}()
|
||||||
|
|
||||||
// get pty info for system accounting (who, lastlog)
|
// get pty info for system accounting (who, lastlog)
|
||||||
pts, pe := ptsName(ptmx.Fd())
|
pts, pe := ptsName(ptmx.Fd())
|
||||||
|
@ -345,7 +348,7 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *xsnet.Con
|
||||||
go func() {
|
go func() {
|
||||||
for sz := range conn.WinCh {
|
for sz := range conn.WinCh {
|
||||||
log.Printf("[Setting term size to: %v %v]\n", sz.Rows, sz.Cols)
|
log.Printf("[Setting term size to: %v %v]\n", sz.Rows, sz.Cols)
|
||||||
pty.Setsize(ptmx, &pty.Winsize{Rows: sz.Rows, Cols: sz.Cols}) // nolint: gosec,errcheck
|
pty.Setsize(ptmx, &pty.Winsize{Rows: sz.Rows, Cols: sz.Cols}) //nolint:errcheck
|
||||||
}
|
}
|
||||||
log.Println("*** WinCh goroutine done ***")
|
log.Println("*** WinCh goroutine done ***")
|
||||||
}()
|
}()
|
||||||
|
@ -406,7 +409,7 @@ func runShellAs(who, hname, ttype, cmd string, interactive bool, conn *xsnet.Con
|
||||||
}
|
}
|
||||||
conn.SetStatus(xsnet.CSOType(exitStatus))
|
conn.SetStatus(xsnet.CSOType(exitStatus))
|
||||||
} else {
|
} else {
|
||||||
logger.LogDebug("*** Main proc has exited. ***")
|
logger.LogDebug("*** Main proc has exited. ***") //nolint:errcheck
|
||||||
// Background jobs still may be running; close the
|
// Background jobs still may be running; close the
|
||||||
// pty anyway, so the client can return before
|
// pty anyway, so the client can return before
|
||||||
// wg.Wait() below completes (Issue #18)
|
// wg.Wait() below completes (Issue #18)
|
||||||
|
@ -428,8 +431,8 @@ func GenAuthToken(who string, connhost string) string {
|
||||||
//}
|
//}
|
||||||
hname := connhost
|
hname := connhost
|
||||||
|
|
||||||
token := make([]byte, 64)
|
token := make([]byte, AuthTokenLen)
|
||||||
_, _ = rand.Read(token) // nolint: gosec
|
_, _ = rand.Read(token)
|
||||||
return fmt.Sprintf("%s:%s:%s", hname, who, hex.EncodeToString(token))
|
return fmt.Sprintf("%s:%s:%s", hname, who, hex.EncodeToString(token))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -505,7 +508,7 @@ func (a *allowedHMACAlgs) Set(value string) error {
|
||||||
// daemon dies, all clients will be rudely disconnected.
|
// daemon dies, all clients will be rudely disconnected.
|
||||||
// Consider this when planning to restart or upgrade in-place an installation.
|
// Consider this when planning to restart or upgrade in-place an installation.
|
||||||
// TODO: reduce gocyclo
|
// TODO: reduce gocyclo
|
||||||
func main() {
|
func main() { //nolint:funlen,gocyclo
|
||||||
var vopt bool
|
var vopt bool
|
||||||
var chaffEnabled bool
|
var chaffEnabled bool
|
||||||
var chaffFreqMin uint
|
var chaffFreqMin uint
|
||||||
|
@ -518,16 +521,15 @@ func main() {
|
||||||
|
|
||||||
flag.BoolVar(&vopt, "v", false, "show version")
|
flag.BoolVar(&vopt, "v", false, "show version")
|
||||||
flag.StringVar(&laddr, "l", ":2000", "interface[:port] to listen")
|
flag.StringVar(&laddr, "l", ":2000", "interface[:port] to listen")
|
||||||
flag.StringVar(&kcpMode, "K", "unused", `set to one of ["KCP_NONE","KCP_AES", "KCP_BLOWFISH", "KCP_CAST5", "KCP_SM4", "KCP_SALSA20", "KCP_SIMPLEXOR", "KCP_TEA", "KCP_3DES", "KCP_TWOFISH", "KCP_XTEA"] to use KCP (github.com/xtaci/kcp-go) reliable UDP instead of TCP`)
|
flag.StringVar(&kcpMode, "K", "unused", `set to one of ["KCP_NONE","KCP_AES", "KCP_BLOWFISH", "KCP_CAST5", "KCP_SM4", "KCP_SALSA20", "KCP_SIMPLEXOR", "KCP_TEA", "KCP_3DES", "KCP_TWOFISH", "KCP_XTEA"] to use KCP (github.com/xtaci/kcp-go) reliable UDP instead of TCP`) //nolint:lll
|
||||||
flag.BoolVar(&useSysLogin, "L", false, "use system login")
|
flag.BoolVar(&useSysLogin, "L", false, "use system login")
|
||||||
flag.BoolVar(&chaffEnabled, "e", true, "enable chaff pkts")
|
flag.BoolVar(&chaffEnabled, "e", true, "enable chaff pkts")
|
||||||
flag.UintVar(&chaffFreqMin, "f", 100, "chaff pkt freq min (msecs)")
|
flag.UintVar(&chaffFreqMin, "f", 100, "chaff pkt freq min (msecs)") //nolint:gomnd
|
||||||
flag.UintVar(&chaffFreqMax, "F", 5000, "chaff pkt freq max (msecs)")
|
flag.UintVar(&chaffFreqMax, "F", 5000, "chaff pkt freq max (msecs)") //nolint:gomnd
|
||||||
flag.UintVar(&chaffBytesMax, "B", 64, "chaff pkt size max (bytes)")
|
flag.UintVar(&chaffBytesMax, "B", 64, "chaff pkt size max (bytes)") //nolint:gomnd
|
||||||
flag.BoolVar(&useSystemPasswd, "s", true, "use system shadow passwds")
|
flag.BoolVar(&useSystemPasswd, "s", true, "use system shadow passwds")
|
||||||
flag.BoolVar(&dbg, "d", false, "debug logging")
|
flag.BoolVar(&dbg, "d", false, "debug logging")
|
||||||
|
flag.Var(&aKEXAlgs, "aK", "Allowed KEX `alg`s (eg. '-aK KEXAlgA -aK KEXAlgB ...')"+`
|
||||||
flag.Var(&aKEXAlgs, "aK", "Allowed KEX `alg`s (eg. '-aK KEXAlgA -aK KEXAlgB ...')" + `
|
|
||||||
KEX_all
|
KEX_all
|
||||||
KEX_HERRADURA256
|
KEX_HERRADURA256
|
||||||
KEX_HERRADURA512
|
KEX_HERRADURA512
|
||||||
|
@ -542,7 +544,7 @@ func main() {
|
||||||
KEX_FRODOKEM_1344SHAKE
|
KEX_FRODOKEM_1344SHAKE
|
||||||
KEX_FRODOKEM_976AES
|
KEX_FRODOKEM_976AES
|
||||||
KEX_FRODOKEM_976SHAKE`)
|
KEX_FRODOKEM_976SHAKE`)
|
||||||
flag.Var(&aCipherAlgs, "aC", "Allowed `cipher`s (eg. '-aC CAlgA -aC CAlgB ...')" + `
|
flag.Var(&aCipherAlgs, "aC", "Allowed `cipher`s (eg. '-aC CAlgA -aC CAlgB ...')"+`
|
||||||
C_all
|
C_all
|
||||||
C_AES_256
|
C_AES_256
|
||||||
C_TWOFISH_128
|
C_TWOFISH_128
|
||||||
|
@ -550,7 +552,7 @@ func main() {
|
||||||
C_CRYPTMT1
|
C_CRYPTMT1
|
||||||
C_HOPSCOTCH
|
C_HOPSCOTCH
|
||||||
C_CHACHA20_12`)
|
C_CHACHA20_12`)
|
||||||
flag.Var(&aHMACAlgs, "aH", "Allowed `HMAC`s (eg. '-aH HMACAlgA -aH HMACAlgB ...')" + `
|
flag.Var(&aHMACAlgs, "aH", "Allowed `HMAC`s (eg. '-aH HMACAlgA -aH HMACAlgB ...')"+`
|
||||||
H_all
|
H_all
|
||||||
H_SHA256
|
H_SHA256
|
||||||
H_SHA512`)
|
H_SHA512`)
|
||||||
|
@ -570,7 +572,7 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Enforce some sane min/max vals on chaff flags
|
// Enforce some sane min/max vals on chaff flags
|
||||||
if chaffFreqMin < 2 {
|
if chaffFreqMin < 2 { //nolint:gomnd
|
||||||
chaffFreqMin = 2
|
chaffFreqMin = 2
|
||||||
}
|
}
|
||||||
if chaffFreqMax == 0 {
|
if chaffFreqMax == 0 {
|
||||||
|
@ -580,49 +582,49 @@ func main() {
|
||||||
chaffBytesMax = 64
|
chaffBytesMax = 64
|
||||||
}
|
}
|
||||||
|
|
||||||
Log, _ = logger.New(logger.LOG_DAEMON|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR, "xsd") // nolint: gosec
|
Log, _ = logger.New(logger.LOG_DAEMON|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR, "xsd")
|
||||||
xsnet.Init(dbg, "xsd", logger.LOG_DAEMON|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR)
|
xsnet.Init(dbg, "xsd", logger.LOG_DAEMON|logger.LOG_DEBUG|logger.LOG_NOTICE|logger.LOG_ERR)
|
||||||
if dbg {
|
if dbg {
|
||||||
log.SetOutput(Log)
|
log.SetOutput(Log)
|
||||||
} else {
|
} else {
|
||||||
log.SetOutput(ioutil.Discard)
|
log.SetOutput(io.Discard)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set up allowed algs, if specified (default allow all)
|
// Set up allowed algs, if specified (default allow all)
|
||||||
if len(aKEXAlgs) == 0 {
|
if len(aKEXAlgs) == 0 {
|
||||||
aKEXAlgs = []string{"none"}
|
aKEXAlgs = []string{"none"}
|
||||||
}
|
}
|
||||||
logger.LogNotice(fmt.Sprintf("Allowed KEXAlgs: %v\n", aKEXAlgs)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("Allowed KEXAlgs: %v\n", aKEXAlgs)) //nolint:errcheck
|
||||||
|
|
||||||
if len(aCipherAlgs) == 0 {
|
if len(aCipherAlgs) == 0 {
|
||||||
aCipherAlgs = []string{"none"}
|
aCipherAlgs = []string{"none"}
|
||||||
}
|
}
|
||||||
logger.LogNotice(fmt.Sprintf("Allowed CipherAlgs: %v\n", aCipherAlgs)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("Allowed CipherAlgs: %v\n", aCipherAlgs)) //nolint:errcheck
|
||||||
|
|
||||||
if len(aHMACAlgs) == 0 {
|
if len(aHMACAlgs) == 0 {
|
||||||
aHMACAlgs = []string{"none"}
|
aHMACAlgs = []string{"none"}
|
||||||
}
|
}
|
||||||
logger.LogNotice(fmt.Sprintf("Allowed HMACAlgs: %v\n", aHMACAlgs)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("Allowed HMACAlgs: %v\n", aHMACAlgs)) //nolint:errcheck
|
||||||
|
|
||||||
// Set up handler for daemon signalling
|
// Set up handler for daemon signalling
|
||||||
exitCh := make(chan os.Signal, 1)
|
exitCh := make(chan os.Signal, 1)
|
||||||
signal.Notify(exitCh, os.Signal(syscall.SIGTERM), os.Signal(syscall.SIGINT), os.Signal(syscall.SIGHUP), os.Signal(syscall.SIGUSR1), os.Signal(syscall.SIGUSR2))
|
signal.Notify(exitCh, os.Signal(syscall.SIGTERM), os.Signal(syscall.SIGINT), os.Signal(syscall.SIGHUP), os.Signal(syscall.SIGUSR1), os.Signal(syscall.SIGUSR2)) //nolint:lll
|
||||||
go func() {
|
go func() {
|
||||||
for {
|
for {
|
||||||
sig := <-exitCh
|
sig := <-exitCh
|
||||||
switch sig.String() {
|
switch sig.String() {
|
||||||
case "terminated":
|
case "terminated":
|
||||||
logger.LogNotice(fmt.Sprintf("[Got signal: %s]", sig)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("[Got signal: %s]", sig)) //nolint:errcheck
|
||||||
signal.Reset()
|
signal.Reset()
|
||||||
syscall.Kill(0, syscall.SIGTERM) // nolint: gosec,errcheck
|
syscall.Kill(0, syscall.SIGTERM) //nolint:errcheck
|
||||||
case "interrupt":
|
case "interrupt":
|
||||||
logger.LogNotice(fmt.Sprintf("[Got signal: %s]", sig)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("[Got signal: %s]", sig)) //nolint:errcheck
|
||||||
signal.Reset()
|
signal.Reset()
|
||||||
syscall.Kill(0, syscall.SIGINT) // nolint: gosec,errcheck
|
syscall.Kill(0, syscall.SIGINT) //nolint:errcheck
|
||||||
case "hangup":
|
case "hangup":
|
||||||
logger.LogNotice(fmt.Sprintf("[Got signal: %s - nop]", sig)) // nolint:gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("[Got signal: %s - nop]", sig)) //nolint:errcheck
|
||||||
default:
|
default:
|
||||||
logger.LogNotice(fmt.Sprintf("[Got signal: %s - ignored]", sig)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("[Got signal: %s - ignored]", sig)) //nolint:errcheck
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
@ -635,7 +637,7 @@ func main() {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
}
|
}
|
||||||
defer l.Close() // nolint: errcheck
|
defer l.Close()
|
||||||
|
|
||||||
log.Println("Serving on", laddr)
|
log.Println("Serving on", laddr)
|
||||||
for {
|
for {
|
||||||
|
@ -669,12 +671,12 @@ func main() {
|
||||||
// The loop then returns to accepting, so that
|
// The loop then returns to accepting, so that
|
||||||
// multiple connections may be served concurrently.
|
// multiple connections may be served concurrently.
|
||||||
go func(hc *xsnet.Conn) (e error) {
|
go func(hc *xsnet.Conn) (e error) {
|
||||||
defer hc.Close() // nolint: errcheck
|
defer hc.Close()
|
||||||
|
|
||||||
// Start login timeout here and disconnect if user/pass phase stalls
|
// Start login timeout here and disconnect if user/pass phase stalls
|
||||||
loginTimeout := time.AfterFunc(30*time.Second, func() {
|
loginTimeout := time.AfterFunc(LoginTimeoutSecs*time.Second, func() {
|
||||||
logger.LogNotice(fmt.Sprintln("Login timed out")) // nolint: errcheck,gosec
|
logger.LogNotice(fmt.Sprintln("Login timed out")) //nolint:errcheck
|
||||||
hc.Write([]byte{0}) // nolint: gosec,errcheck
|
hc.Write([]byte{0}) //nolint:errcheck
|
||||||
hc.Close()
|
hc.Close()
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -763,10 +765,10 @@ func main() {
|
||||||
|
|
||||||
// Tell client if auth was valid
|
// Tell client if auth was valid
|
||||||
if valid {
|
if valid {
|
||||||
hc.Write([]byte{1}) // nolint: gosec,errcheck
|
hc.Write([]byte{1}) //nolint:errcheck
|
||||||
} else {
|
} else {
|
||||||
logger.LogNotice(fmt.Sprintln("Invalid user", string(rec.Who()))) // nolint: errcheck,gosec
|
logger.LogNotice(fmt.Sprintln("Invalid user", string(rec.Who()))) //nolint:errcheck
|
||||||
hc.Write([]byte{0}) // nolint: gosec,errcheck
|
hc.Write([]byte{0}) //nolint:errcheck
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -776,15 +778,15 @@ func main() {
|
||||||
// Generate automated login token
|
// Generate automated login token
|
||||||
addr := hc.RemoteAddr()
|
addr := hc.RemoteAddr()
|
||||||
hname := goutmp.GetHost(addr.String())
|
hname := goutmp.GetHost(addr.String())
|
||||||
logger.LogNotice(fmt.Sprintf("[Generating autologin token for [%s@%s]]\n", rec.Who(), hname)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("[Generating autologin token for [%s@%s]]\n", rec.Who(), hname)) //nolint:errcheck
|
||||||
token := GenAuthToken(string(rec.Who()), string(rec.ConnHost()))
|
token := GenAuthToken(string(rec.Who()), string(rec.ConnHost()))
|
||||||
tokenCmd := fmt.Sprintf("echo \"%s\" | tee -a ~/.xs_id", token)
|
tokenCmd := fmt.Sprintf("echo %q | tee -a ~/.xs_id", token)
|
||||||
cmdStatus, runErr := runShellAs(string(rec.Who()), hname, string(rec.TermType()), tokenCmd, false, hc, chaffEnabled)
|
cmdStatus, runErr := runShellAs(string(rec.Who()), hname, string(rec.TermType()), tokenCmd, false, hc, chaffEnabled)
|
||||||
// Returned hopefully via an EOF or exit/logout;
|
// Returned hopefully via an EOF or exit/logout;
|
||||||
// Clear current op so user can enter next, or EOF
|
// Clear current op so user can enter next, or EOF
|
||||||
rec.SetOp([]byte{0})
|
rec.SetOp([]byte{0})
|
||||||
if runErr != nil {
|
if runErr != nil {
|
||||||
logger.LogErr(fmt.Sprintf("[Error generating autologin token for %s@%s]\n", rec.Who(), hname)) // nolint: gosec,errcheck
|
logger.LogErr(fmt.Sprintf("[Error generating autologin token for %s@%s]\n", rec.Who(), hname)) //nolint:errcheck
|
||||||
} else {
|
} else {
|
||||||
log.Printf("[Autologin token generation completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)
|
log.Printf("[Autologin token generation completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)
|
||||||
hc.SetStatus(xsnet.CSOType(cmdStatus))
|
hc.SetStatus(xsnet.CSOType(cmdStatus))
|
||||||
|
@ -793,31 +795,31 @@ func main() {
|
||||||
// Non-interactive command
|
// Non-interactive command
|
||||||
addr := hc.RemoteAddr()
|
addr := hc.RemoteAddr()
|
||||||
hname := goutmp.GetHost(addr.String())
|
hname := goutmp.GetHost(addr.String())
|
||||||
logger.LogNotice(fmt.Sprintf("[Running command for [%s@%s]]\n", rec.Who(), hname)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("[Running command for [%s@%s]]\n", rec.Who(), hname)) //nolint:errcheck
|
||||||
cmdStatus, runErr := runShellAs(string(rec.Who()), hname, string(rec.TermType()), string(rec.Cmd()), false, hc, chaffEnabled)
|
cmdStatus, runErr := runShellAs(string(rec.Who()), hname, string(rec.TermType()), string(rec.Cmd()), false, hc, chaffEnabled)
|
||||||
// Returned hopefully via an EOF or exit/logout;
|
// Returned hopefully via an EOF or exit/logout;
|
||||||
// Clear current op so user can enter next, or EOF
|
// Clear current op so user can enter next, or EOF
|
||||||
rec.SetOp([]byte{0})
|
rec.SetOp([]byte{0})
|
||||||
if runErr != nil {
|
if runErr != nil {
|
||||||
logger.LogErr(fmt.Sprintf("[Error spawning cmd for %s@%s]\n", rec.Who(), hname)) // nolint: gosec,errcheck
|
logger.LogErr(fmt.Sprintf("[Error spawning cmd for %s@%s]\n", rec.Who(), hname)) //nolint:errcheck
|
||||||
} else {
|
} else {
|
||||||
logger.LogNotice(fmt.Sprintf("[Command completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("[Command completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)) //nolint:errcheck
|
||||||
hc.SetStatus(xsnet.CSOType(cmdStatus))
|
hc.SetStatus(xsnet.CSOType(cmdStatus))
|
||||||
}
|
}
|
||||||
} else if rec.Op()[0] == 's' {
|
} else if rec.Op()[0] == 's' {
|
||||||
// Interactive session
|
// Interactive session
|
||||||
addr := hc.RemoteAddr()
|
addr := hc.RemoteAddr()
|
||||||
hname := goutmp.GetHost(addr.String())
|
hname := goutmp.GetHost(addr.String())
|
||||||
logger.LogNotice(fmt.Sprintf("[Running shell for [%s@%s]]\n", rec.Who(), hname)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("[Running shell for [%s@%s]]\n", rec.Who(), hname)) //nolint:errcheck
|
||||||
|
|
||||||
cmdStatus, runErr := runShellAs(string(rec.Who()), hname, string(rec.TermType()), string(rec.Cmd()), true, hc, chaffEnabled)
|
cmdStatus, runErr := runShellAs(string(rec.Who()), hname, string(rec.TermType()), string(rec.Cmd()), true, hc, chaffEnabled)
|
||||||
// Returned hopefully via an EOF or exit/logout;
|
// Returned hopefully via an EOF or exit/logout;
|
||||||
// Clear current op so user can enter next, or EOF
|
// Clear current op so user can enter next, or EOF
|
||||||
rec.SetOp([]byte{0})
|
rec.SetOp([]byte{0})
|
||||||
if runErr != nil {
|
if runErr != nil {
|
||||||
Log.Err(fmt.Sprintf("[Error spawning shell for %s@%s]\n", rec.Who(), hname)) // nolint: gosec,errcheck
|
Log.Err(fmt.Sprintf("[Error spawning shell for %s@%s]\n", rec.Who(), hname)) //nolint:errcheck
|
||||||
} else {
|
} else {
|
||||||
logger.LogNotice(fmt.Sprintf("[Shell completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("[Shell completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)) //nolint:errcheck
|
||||||
hc.SetStatus(xsnet.CSOType(cmdStatus))
|
hc.SetStatus(xsnet.CSOType(cmdStatus))
|
||||||
}
|
}
|
||||||
} else if rec.Op()[0] == 'D' {
|
} else if rec.Op()[0] == 'D' {
|
||||||
|
@ -825,41 +827,41 @@ func main() {
|
||||||
log.Printf("[Client->Server copy]\n")
|
log.Printf("[Client->Server copy]\n")
|
||||||
addr := hc.RemoteAddr()
|
addr := hc.RemoteAddr()
|
||||||
hname := goutmp.GetHost(addr.String())
|
hname := goutmp.GetHost(addr.String())
|
||||||
logger.LogNotice(fmt.Sprintf("[c->s copy for %s@%s]\n", rec.Who(), hname)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("[c->s copy for %s@%s]\n", rec.Who(), hname)) //nolint:errcheck
|
||||||
cmdStatus, runErr := runClientToServerCopyAs(string(rec.Who()), string(rec.TermType()), hc, string(rec.Cmd()), chaffEnabled)
|
cmdStatus, runErr := runClientToServerCopyAs(string(rec.Who()), string(rec.TermType()), hc, string(rec.Cmd()), chaffEnabled)
|
||||||
// Returned hopefully via an EOF or exit/logout;
|
// Returned hopefully via an EOF or exit/logout;
|
||||||
// Clear current op so user can enter next, or EOF
|
// Clear current op so user can enter next, or EOF
|
||||||
rec.SetOp([]byte{0})
|
rec.SetOp([]byte{0})
|
||||||
if runErr != nil {
|
if runErr != nil {
|
||||||
logger.LogErr(fmt.Sprintf("[c->s copy error for %s@%s]\n", rec.Who(), hname)) // nolint: gosec,errcheck
|
logger.LogErr(fmt.Sprintf("[c->s copy error for %s@%s]\n", rec.Who(), hname)) //nolint:errcheck
|
||||||
} else {
|
} else {
|
||||||
logger.LogNotice(fmt.Sprintf("[c->s copy completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("[c->s copy completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)) //nolint:errcheck
|
||||||
}
|
}
|
||||||
// TODO: Test this with huge files.. see Bug #22 - do we need to
|
// TODO: Test this with huge files.. see Bug #22 - do we need to
|
||||||
// sync w/sender (client) that we've gotten all data?
|
// sync w/sender (client) that we've gotten all data?
|
||||||
hc.SetStatus(xsnet.CSOType(cmdStatus))
|
hc.SetStatus(xsnet.CSOType(cmdStatus))
|
||||||
|
|
||||||
// Send CSOExitStatus *before* client closes channel
|
// Send CSOExitStatus *before* client closes channel
|
||||||
s := make([]byte, 4)
|
s := make([]byte, 4) //nolint:gomnd
|
||||||
binary.BigEndian.PutUint32(s, cmdStatus)
|
binary.BigEndian.PutUint32(s, cmdStatus)
|
||||||
log.Printf("** cp writing closeStat %d at Close()\n", cmdStatus)
|
log.Printf("** cp writing closeStat %d at Close()\n", cmdStatus)
|
||||||
hc.WritePacket(s, xsnet.CSOExitStatus) // nolint: gosec,errcheck
|
hc.WritePacket(s, xsnet.CSOExitStatus) //nolint:errcheck
|
||||||
} else if rec.Op()[0] == 'S' {
|
} else if rec.Op()[0] == 'S' {
|
||||||
// File copy (src) operation - server copy to client
|
// File copy (src) operation - server copy to client
|
||||||
log.Printf("[Server->Client copy]\n")
|
log.Printf("[Server->Client copy]\n")
|
||||||
addr := hc.RemoteAddr()
|
addr := hc.RemoteAddr()
|
||||||
hname := goutmp.GetHost(addr.String())
|
hname := goutmp.GetHost(addr.String())
|
||||||
logger.LogNotice(fmt.Sprintf("[s->c copy for %s@%s]\n", rec.Who(), hname)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("[s->c copy for %s@%s]\n", rec.Who(), hname)) //nolint:errcheck
|
||||||
cmdStatus, runErr := runServerToClientCopyAs(string(rec.Who()), string(rec.TermType()), hc, string(rec.Cmd()), chaffEnabled)
|
cmdStatus, runErr := runServerToClientCopyAs(string(rec.Who()), string(rec.TermType()), hc, string(rec.Cmd()), chaffEnabled)
|
||||||
if runErr != nil {
|
if runErr != nil {
|
||||||
logger.LogErr(fmt.Sprintf("[s->c copy error for %s@%s]\n", rec.Who(), hname)) // nolint: gosec,errcheck
|
logger.LogErr(fmt.Sprintf("[s->c copy error for %s@%s]\n", rec.Who(), hname)) //nolint:errcheck
|
||||||
} else {
|
} else {
|
||||||
// Returned hopefully via an EOF or exit/logout;
|
// Returned hopefully via an EOF or exit/logout;
|
||||||
logger.LogNotice(fmt.Sprintf("[s->c copy completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)) // nolint: gosec,errcheck
|
logger.LogNotice(fmt.Sprintf("[s->c copy completed for %s@%s, status %d]\n", rec.Who(), hname, cmdStatus)) //nolint:errcheck
|
||||||
}
|
}
|
||||||
// HACK: Bug #22: (xc) Need to wait for rcvr to get final data
|
// HACK: Bug #22: (xc) Need to wait for rcvr to get final data
|
||||||
// TODO: Await specific msg from client to inform they have gotten all data from the tarpipe
|
// TODO: Await specific msg from client to inform they have gotten all data from the tarpipe
|
||||||
time.Sleep(time.Duration(900 * time.Millisecond)) // Let rcvr set this on setup?
|
time.Sleep(900 * time.Millisecond) //nolint:gomnd // Let rcvr set this on setup?
|
||||||
|
|
||||||
// Clear current op so user can enter next, or EOF
|
// Clear current op so user can enter next, or EOF
|
||||||
rec.SetOp([]byte{0})
|
rec.SetOp([]byte{0})
|
||||||
|
@ -868,12 +870,12 @@ func main() {
|
||||||
//_, _ = hc.Read(nil /*ackByte*/)
|
//_, _ = hc.Read(nil /*ackByte*/)
|
||||||
//fmt.Println("Got remote end ack.")
|
//fmt.Println("Got remote end ack.")
|
||||||
} else {
|
} else {
|
||||||
logger.LogErr(fmt.Sprintln("[Bad xs.Session]")) // nolint: gosec,errcheck
|
logger.LogErr(fmt.Sprintln("[Bad xs.Session]")) //nolint:errcheck
|
||||||
}
|
}
|
||||||
return
|
return
|
||||||
}(&conn) // nolint: errcheck
|
}(&conn) //nolint:errcheck
|
||||||
} // algs valid and not blacklisted
|
} // algs valid and not blacklisted
|
||||||
} // Accept() success
|
} // Accept() success
|
||||||
} //endfor
|
} //endfor
|
||||||
//logger.LogNotice(fmt.Sprintln("[Exiting]")) // nolint: gosec,errcheck
|
//logger.LogNotice(fmt.Sprintln("[Exiting]")) //nolint:errcheck
|
||||||
}
|
}
|
||||||
|
|
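Review bot: The uid/gid parsing in runShellAs (and the same lines in runServerToClientCopyAs and runClientToServerCopyAs) fails open: the `fmt.Sscanf(u.Uid, "%d", &uid)` result is discarded, so a parse failure leaves `uid` and `gid` at zero, and runShellAs then passes them to `syscall.Credential{Uid: uid, Gid: gid}`, where 0 is root. Removing the `nolint` markers does not change that; the calls should fail closed, e.g. `if _, err = fmt.Sscanf(u.Uid, "%d", &uid); err != nil { return }` and likewise for `u.Gid`. runClientToServerCopyAs also still has `u, _ := user.Lookup(who)`, so an unknown user gives a nil `u` that is dereferenced on the following statement; it should check the error, as the other two functions appear to do. All three function bodies extend beyond the visible hunks, so how uid/gid are used in the copy functions is inferred from runShellAs.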