Set lots of KEx Printfs to log.Printf (and off by default). Hacky non-tty shell works!

Russ Magee 2018-01-17 21:27:00 -08:00
parent cca2895526
commit e8fe31f6d7
3 changed files with 44 additions and 46 deletions


@ -4,6 +4,8 @@ import (
"flag" "flag"
"fmt" "fmt"
"io" "io"
"io/ioutil"
"log"
"os" "os"
"sync" "sync"
@ -34,6 +36,8 @@ func main() {
flag.StringVar(&server, "s", "localhost:2000", "server hostname/address[:port]") flag.StringVar(&server, "s", "localhost:2000", "server hostname/address[:port]")
flag.Parse() flag.Parse()
log.SetOutput(ioutil.Discard)
conn, err := hkex.Dial("tcp", server, cAlg, hAlg) conn, err := hkex.Dial("tcp", server, cAlg, hAlg)
if err != nil { if err != nil {
fmt.Println("Err!") fmt.Println("Err!")
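Review bot: `log.SetOutput(ioutil.Discard)` is unconditional, so there is no way to turn the key-exchange tracing back on at runtime even though the title calls it "off by default"; a flag next to `-s` would make that a real default: `dbg := flag.Bool("d", false, "enable debug logging")` before `flag.Parse()`, then `if !*dbg { log.SetOutput(ioutil.Discard) }`. Discarding the default logger also silences anything else the client reports through `log`, not just the hkex traces, which is worth a comment on that line. `main` continues outside the hunk.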


@ -3,6 +3,7 @@ package main
import ( import (
"flag" "flag"
"fmt" "fmt"
"io/ioutil"
"log" "log"
"os/exec" "os/exec"
"os/user" "os/user"
@ -36,13 +37,14 @@ type cmdRunner struct {
status int status int
} }
func cmd(r *cmdRunner) { /*
func cmd(r *cmdRunner) {
switch r.op { switch r.op {
case OpR: case OpR:
//Clean up r.cmd beforehand //Clean up r.cmd beforehand
r.arg = strings.TrimSpace(r.arg) r.arg = strings.TrimSpace(r.arg)
fmt.Printf("[cmd was:'%s']\n", r.arg) fmt.Printf("[cmd was:'%s']\n", r.arg)
runCmdAs(r.who, r.arg) runCmdAs(r.who, r.arg, nil)
fmt.Println(r.arg) fmt.Println(r.arg)
break break
default: default:
@ -50,14 +52,15 @@ func cmd(r *cmdRunner) {
break break
} }
} }
*/
// Run a command (via os.exec) as a specific user // Run a command (via os.exec) as a specific user
func runCmdAs(who string, cmd string) (err error) { func runCmdAs(who string, cmd string, conn hkex.Conn) (err error) {
u, _ := user.Lookup(who) u, _ := user.Lookup(who)
var uid, gid uint32 var uid, gid uint32
fmt.Sscanf(u.Uid, "%d", &uid) fmt.Sscanf(u.Uid, "%d", &uid)
fmt.Sscanf(u.Gid, "%d", &gid) fmt.Sscanf(u.Gid, "%d", &gid)
//fmt.Println("uid:", uid, "gid:", gid) fmt.Println("uid:", uid, "gid:", gid)
args := strings.Split(cmd, " ") args := strings.Split(cmd, " ")
arg0 := args[0] arg0 := args[0]
@ -65,6 +68,10 @@ func runCmdAs(who string, cmd string) (err error) {
c := exec.Command(arg0, args...) c := exec.Command(arg0, args...)
c.SysProcAttr = &syscall.SysProcAttr{} c.SysProcAttr = &syscall.SysProcAttr{}
c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid} c.SysProcAttr.Credential = &syscall.Credential{Uid: uid, Gid: gid}
c.Stdin = conn
c.Stdout = conn
c.Stderr = conn
err = c.Run() err = c.Run()
if err != nil { if err != nil {
log.Printf("Command finished with error: %v", err) log.Printf("Command finished with error: %v", err)
@ -84,6 +91,8 @@ func main() {
flag.StringVar(&laddr, "l", ":2000", "interface[:port] to listen") flag.StringVar(&laddr, "l", ":2000", "interface[:port] to listen")
flag.Parse() flag.Parse()
log.SetOutput(ioutil.Discard)
// Listen on TCP port 2000 on all available unicast and // Listen on TCP port 2000 on all available unicast and
// anycast IP addresses of the local system. // anycast IP addresses of the local system.
l, err := hkex.Listen("tcp", laddr) l, err := hkex.Listen("tcp", laddr)
@ -155,13 +164,18 @@ func main() {
// authCookie: "c00ki3", // authCookie: "c00ki3",
// status: 0} // status: 0}
} }
// From here, one could pass all subsequent data // From here, one could pass all subsequent data
// between client/server attached to an exec.Cmd, // between client/server attached to an exec.Cmd,
// as data to/from a file, etc. // as data to/from a file, etc.
conn.Write([]byte("SERVER RESPONSE to '")) if *connOp == 's' {
conn.Write(data) fmt.Println("[Running shell]")
conn.Write([]byte("'\n")) runCmdAs("larissa", "bash -l -i", conn)
// Returned hopefully via an EOF or exit/logout;
// Clear current op so user can enter next, or EOF
connOp = nil
fmt.Println("[Exiting shell]")
}
if strings.Trim(string(data), "\r\n") == "exit" { if strings.Trim(string(data), "\r\n") == "exit" {
conn.Close() conn.Close()
} }
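Review bot: The `*connOp == 's'` branch hands the raw connection to `bash -l -i` running as the hard-coded account `"larissa"`, and nothing in the hunk authenticates the peer first — the `authCookie` fields just above are still commented out — so any client that completes the key exchange is given an interactive login shell. The error from `runCmdAs` is dropped here, and inside `runCmdAs` (earlier hunk in this file) `u, _ := user.Lookup(who)` ignores its error, so on a host without that account `u` is nil and the `u.Uid` dereference panics the server; at minimum `u, err := user.Lookup(who); if err != nil { return err }` and `if err := runCmdAs("larissa", "bash -l -i", conn); err != nil { log.Printf("shell: %v", err) }`. The account should come from the authenticated identity or a flag rather than a literal, and the shell should be gated on whatever check the commented `authCookie` was meant to provide. The newly uncommented `fmt.Println("uid:", uid, "gid:", gid)` writes to stdout while the rest of the commit moves tracing to `log`. `main` begins and ends outside the hunk.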


@ -25,6 +25,7 @@ import (
"bytes" "bytes"
"crypto/cipher" "crypto/cipher"
"fmt" "fmt"
"log"
"math/big" "math/big"
"net" "net"
"time" "time"
@ -104,27 +105,27 @@ func (c Conn) applyConnExtensions(extensions ...string) {
for _, s := range extensions { for _, s := range extensions {
switch s { switch s {
case "C_AES_256": case "C_AES_256":
fmt.Println("[extension arg = C_AES_256]") log.Println("[extension arg = C_AES_256]")
c.cipheropts &= (0xFFFFFF00) c.cipheropts &= (0xFFFFFF00)
c.cipheropts |= CAlgAES256 c.cipheropts |= CAlgAES256
break break
case "C_TWOFISH_128": case "C_TWOFISH_128":
fmt.Println("[extension arg = C_TWOFISH_128]") log.Println("[extension arg = C_TWOFISH_128]")
c.cipheropts &= (0xFFFFFF00) c.cipheropts &= (0xFFFFFF00)
c.cipheropts |= CAlgTwofish128 c.cipheropts |= CAlgTwofish128
break break
case "C_BLOWFISH_64": case "C_BLOWFISH_64":
fmt.Println("[extension arg = C_BLOWFISH_64]") log.Println("[extension arg = C_BLOWFISH_64]")
c.cipheropts &= (0xFFFFFF00) c.cipheropts &= (0xFFFFFF00)
c.cipheropts |= CAlgBlowfish64 c.cipheropts |= CAlgBlowfish64
break break
case "H_SHA256": case "H_SHA256":
fmt.Println("[extension arg = H_SHA256]") log.Println("[extension arg = H_SHA256]")
c.cipheropts &= (0xFFFF00FF) c.cipheropts &= (0xFFFF00FF)
c.cipheropts |= (HmacSHA256 << 8) c.cipheropts |= (HmacSHA256 << 8)
break break
default: default:
fmt.Printf("[Dial ext \"%s\" ignored]\n", s) log.Printf("[Dial ext \"%s\" ignored]\n", s)
break break
} }
} }
@ -161,10 +162,10 @@ func Dial(protocol string, ipport string, extensions ...string) (hc *Conn, err e
} }
hc.h.PeerD = d hc.h.PeerD = d
fmt.Printf("** D:%s\n", hc.h.d.Text(16)) log.Printf("** D:%s\n", hc.h.d.Text(16))
fmt.Printf("**(c)** peerD:%s\n", hc.h.PeerD.Text(16)) log.Printf("**(c)** peerD:%s\n", hc.h.PeerD.Text(16))
hc.h.FA() hc.h.FA()
fmt.Printf("**(c)** FA:%s\n", hc.h.fa) log.Printf("**(c)** FA:%s\n", hc.h.fa)
hc.r = hc.getStream(hc.h.fa) hc.r = hc.getStream(hc.h.fa)
hc.w = hc.getStream(hc.h.fa) hc.w = hc.getStream(hc.h.fa)
@ -277,10 +278,10 @@ func (hl HKExListener) Accept() (hc Conn, err error) {
return hc, err return hc, err
} }
hc.h.PeerD = d hc.h.PeerD = d
fmt.Printf("** D:%s\n", hc.h.d.Text(16)) log.Printf("** D:%s\n", hc.h.d.Text(16))
fmt.Printf("**(s)** peerD:%s\n", hc.h.PeerD.Text(16)) log.Printf("**(s)** peerD:%s\n", hc.h.PeerD.Text(16))
hc.h.FA() hc.h.FA()
fmt.Printf("**(s)** FA:%s\n", hc.h.fa) log.Printf("**(s)** FA:%s\n", hc.h.fa)
fmt.Fprintf(c, "0x%s\n%08x:%08x:%02x\n", hc.h.d.Text(16), fmt.Fprintf(c, "0x%s\n%08x:%08x:%02x\n", hc.h.d.Text(16),
hc.cipheropts, hc.opts, hc.op) hc.cipheropts, hc.opts, hc.op)
@ -296,7 +297,7 @@ func (hl HKExListener) Accept() (hc Conn, err error) {
// //
// See go doc io.Reader // See go doc io.Reader
func (c Conn) Read(b []byte) (n int, err error) { func (c Conn) Read(b []byte) (n int, err error) {
fmt.Printf("[Decrypting...]\n") log.Printf("[Decrypting...]\n")
//c.c.SetReadDeadline(time.Now().Add(1 * time.Second)) //c.c.SetReadDeadline(time.Now().Add(1 * time.Second))
n, err = c.c.Read(b) n, err = c.c.Read(b)
@ -307,14 +308,14 @@ func (c Conn) Read(b []byte) (n int, err error) {
// panic(err) // panic(err)
//} //}
} }
fmt.Printf(" ctext:%+v\n", b[:n]) // print only used portion log.Printf(" ctext:%+v\n", b[:n]) // print only used portion
db := bytes.NewBuffer(b[:n]) db := bytes.NewBuffer(b[:n])
// The StreamReader acts like a pipe, decrypting // The StreamReader acts like a pipe, decrypting
// whatever is available and forwarding the result // whatever is available and forwarding the result
// to the parameter of Read() as a normal io.Reader // to the parameter of Read() as a normal io.Reader
rs := &cipher.StreamReader{S: c.r, R: db} rs := &cipher.StreamReader{S: c.r, R: db}
n, err = rs.Read(b) n, err = rs.Read(b)
fmt.Printf(" ptext:%+v\n", b[:n]) log.Printf(" ptext:%+v\n", b[:n])
return return
} }
@ -322,8 +323,8 @@ func (c Conn) Read(b []byte) (n int, err error) {
// //
// See go doc io.Writer // See go doc io.Writer
func (c Conn) Write(b []byte) (n int, err error) { func (c Conn) Write(b []byte) (n int, err error) {
fmt.Printf("[Encrypting...]\n") log.Printf("[Encrypting...]\n")
fmt.Printf(" ptext:%+v\n", b) log.Printf(" ptext:%+v\n", b)
var wb bytes.Buffer var wb bytes.Buffer
// The StreamWriter acts like a pipe, forwarding whatever is // The StreamWriter acts like a pipe, forwarding whatever is
// written to it through the cipher, encrypting as it goes // written to it through the cipher, encrypting as it goes
@ -332,28 +333,7 @@ func (c Conn) Write(b []byte) (n int, err error) {
if err != nil { if err != nil {
panic(err) panic(err)
} }
fmt.Printf(" ctext:%+v\n", wb.Bytes()) log.Printf(" ctext:%+v\n", wb.Bytes())
n, err = c.c.Write(wb.Bytes()) n, err = c.c.Write(wb.Bytes())
return return
} }
// Return c coerced into a HKEx Conn (which implements interface net.Conn)
// Only useful if one wants to convert an open connection later to HKEx
// (Use Dial() instead to start with HKEx automatically.)
/*
func NewHKExConn(c *net.Conn) (hc *Conn) {
hc = new(Conn)
hc.c = *c
hc.h = New(0, 0)
d := big.NewInt(0)
_, err := fmt.Fscanln(hc.c, d)
if err != nil {
//
}
hc.h.PeerD = d
fmt.Printf("** D:%s\n", hc.h.d.Text(16))
fmt.Printf("** peerD:%s\n", hc.h.PeerD.Text(16))
return
}
*/
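Review bot: Moving these traces from `fmt.Printf` to `log.Printf` still emits key material and plaintext through the package-global default logger: `hc.h.fa` is the value passed to `getStream` to derive both cipher streams, and `Read`/`Write` log `ptext` next to `ctext`, so any importer that does not itself call `log.SetOutput(ioutil.Discard)` gets session keys and decrypted traffic on stderr. A library should not depend on `main` to silence it; give the package its own logger that discards by default, e.g. `var logger = log.New(ioutil.Discard, "hkex: ", log.LstdFlags)` plus `func SetLogOutput(w io.Writer) { logger.SetOutput(w) }`, and drop the `fa` and `ptext` lines even from debug output. Separately, `applyConnExtensions` has a value receiver, so the `c.cipheropts` updates in its hunk are applied to a copy — worth confirming the caller does not expect them to persist. `Dial`, `Accept`, `Read` and `Write` all start or end outside their hunks.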