Work on setup for tunnels

Signed-off-by: Russ Magee <rmagee@gmail.com>
Russ Magee 2018-10-27 01:51:40 -07:00
parent 48b0c41f62
commit 1e6da733a2
2 changed files with 48 additions and 10 deletions


@ -92,9 +92,9 @@ type (
// TunEndpoint [securePort:peer:dataPort] // TunEndpoint [securePort:peer:dataPort]
TunEndpoint struct { TunEndpoint struct {
tunPort uint16 TunPort uint16
peer net.Addr Peer string //net.Addr
dataPort uint16 DataPort uint16
} }
// Conn is a connection wrapping net.Conn with KEX & session state // Conn is a connection wrapping net.Conn with KEX & session state
@ -110,6 +110,8 @@ type (
chaff ChaffConfig chaff ChaffConfig
tuns []TunEndpoint
closeStat *CSOType // close status (CSOExitStatus) closeStat *CSOType // close status (CSOExitStatus)
r cipher.Stream //read cipherStream r cipher.Stream //read cipherStream
rm hash.Hash rm hash.Hash
@ -123,6 +125,11 @@ var (
Log *logger.Writer // reg. syslog output (no -d) Log *logger.Writer // reg. syslog output (no -d)
) )
// Return string (suitable as map key) for a tunnel endpoint
func (t *TunEndpoint) String() string {
return fmt.Sprintf("[%d:%s:%d]", t.DataPort, t.Peer, t.TunPort)
}
func _initLogging(d bool, c string, f logger.Priority) { func _initLogging(d bool, c string, f logger.Priority) {
if Log == nil { if Log == nil {
Log, _ = logger.New(f, fmt.Sprintf("%s:hkexnet", c)) Log, _ = logger.New(f, fmt.Sprintf("%s:hkexnet", c))
@ -814,7 +821,14 @@ func (hc Conn) Read(b []byte) (n int, err error) {
} }
hc.Close() hc.Close()
} else if ctrlStatOp == CSOTunReq { } else if ctrlStatOp == CSOTunReq {
Log.Notice("[Client Tunnel Open Request - TODO]\n") // This should ONLY be sent from client -> server!
// TODO: Hmm. should this package (hkexnet) take a 'server'/'client' context
// in order to know how to handle mis-uses?
addrs, _ := net.InterfaceAddrs()
t := TunEndpoint{Peer: addrs[0].String()}
t.TunPort = binary.BigEndian.Uint16(payloadBytes)
//fmt.Sscanf(string(payloadBytes), "%d", &t.tunPort)
Log.Notice(fmt.Sprintf("[TODO: Client Tunnel Open Request - traffic for server %s, port %d]\n", t.Peer, t.TunPort))
} else if ctrlStatOp == CSOTunAck { } else if ctrlStatOp == CSOTunAck {
Log.Notice("[Server Tunnel Open Ack - TODO]\n") Log.Notice("[Server Tunnel Open Ack - TODO]\n")
} else { } else {
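Review bot: `addrs[0].String()` and `binary.BigEndian.Uint16(payloadBytes)` in the new CSOTunReq branch both index without a length check, so a peer that sends a CSOTunReq carrying fewer than two payload bytes, or a host where `net.InterfaceAddrs` returns nothing (its error is discarded), panics the process inside `Read`; because this runs on bytes received from the other end it is a remote crash, not a logged misuse. The comment on the line above says the op should only arrive client → server, yet nothing enforces it, so a server could send it to a client as well — a role carried on `Conn`, as the TODO suggests, is where that check belongs. Note also that the client's `requestTunnel` writes `t.DataPort` into the payload while this side stores the same value in `t.TunPort`, which disagrees with the `[securePort:peer:dataPort]` comment on the struct; worth settling before the ack path is written. `Read` begins and continues outside this hunk.
```go
} else if ctrlStatOp == CSOTunReq {
	// Peer-supplied payload: check lengths before indexing so a short
	// packet or an address-less host cannot panic the reader.
	if len(payloadBytes) < 2 {
		Log.Notice("[Client Tunnel Open Request - short payload, ignored]\n")
	} else {
		peer := "?"
		if addrs, err := net.InterfaceAddrs(); err == nil && len(addrs) > 0 {
			peer = addrs[0].String()
		}
		t := TunEndpoint{Peer: peer, TunPort: binary.BigEndian.Uint16(payloadBytes)}
		Log.Notice(fmt.Sprintf("[TODO: Client Tunnel Open Request - traffic for server %s, port %d]\n", t.Peer, t.TunPort))
	}
// … unchanged: CSOTunAck and else branches …
```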


@ -16,6 +16,7 @@ import (
"io" "io"
"io/ioutil" "io/ioutil"
"log" "log"
"net"
"os" "os"
"os/exec" "os/exec"
"os/user" "os/user"
@ -28,8 +29,8 @@ import (
hkexsh "blitter.com/go/hkexsh" hkexsh "blitter.com/go/hkexsh"
"blitter.com/go/hkexsh/hkexnet" "blitter.com/go/hkexsh/hkexnet"
"blitter.com/go/hkexsh/spinsult"
"blitter.com/go/hkexsh/logger" "blitter.com/go/hkexsh/logger"
"blitter.com/go/hkexsh/spinsult"
isatty "github.com/mattn/go-isatty" isatty "github.com/mattn/go-isatty"
) )
@ -336,6 +337,15 @@ func rejectUserMsg() string {
return "Begone, " + spinsult.GetSentence() + "\r\n" return "Begone, " + spinsult.GetSentence() + "\r\n"
} }
func requestTunnel(c *hkexnet.Conn, dp uint16, p string /*net.Addr*/, tp uint16) (t hkexnet.TunEndpoint) {
t = hkexnet.TunEndpoint{DataPort: dp, Peer: p, TunPort: tp}
var bTmp bytes.Buffer
binary.Write(&bTmp, binary.BigEndian, t.DataPort)
c.WritePacket(bTmp.Bytes(), hkexnet.CSOTunReq)
return
}
// hkexsh - a client for secure shell and file copy operations. // hkexsh - a client for secure shell and file copy operations.
// //
// While conforming to the basic net.Conn interface HKex.Conn has extra // While conforming to the basic net.Conn interface HKex.Conn has extra
@ -359,6 +369,7 @@ func main() {
var server string var server string
var port uint var port uint
var cmdStr string var cmdStr string
var tunSpecStr string // lport1:rport1[,lport2:rport2,...]
var copySrc []byte var copySrc []byte
var copyDst string var copyDst string
@ -380,9 +391,9 @@ func main() {
flag.UintVar(&port, "p", 2000, "`port`") flag.UintVar(&port, "p", 2000, "`port`")
//flag.StringVar(&authCookie, "a", "", "auth cookie") //flag.StringVar(&authCookie, "a", "", "auth cookie")
flag.BoolVar(&chaffEnabled, "e", true, "enabled chaff pkts (default true)") flag.BoolVar(&chaffEnabled, "e", true, "enabled chaff pkts (default true)")
flag.UintVar(&chaffFreqMin, "f", 100, "chaff pkt `freq` min (msecs)") flag.UintVar(&chaffFreqMin, "f", 100, "`msecs-min` chaff pkt freq min (msecs)")
flag.UintVar(&chaffFreqMax, "F", 5000, "chaff pkt `freq` max (msecs)") flag.UintVar(&chaffFreqMax, "F", 5000, "`msecs-max` chaff pkt freq max (msecs)")
flag.UintVar(&chaffBytesMax, "B", 64, "chaff pkt `size` max (bytes)") flag.UintVar(&chaffBytesMax, "B", 64, "chaff pkt size max (bytes)")
// Find out what program we are (shell or copier) // Find out what program we are (shell or copier)
myPath := strings.Split(os.Args[0], string(os.PathSeparator)) myPath := strings.Split(os.Args[0], string(os.PathSeparator))
@ -390,6 +401,7 @@ func main() {
// hkexsh accepts a command (-x) but not // hkexsh accepts a command (-x) but not
// a srcpath (-r) or dstpath (-t) // a srcpath (-r) or dstpath (-t)
flag.StringVar(&cmdStr, "x", "", "`command` to run (if not specified run interactive shell)") flag.StringVar(&cmdStr, "x", "", "`command` to run (if not specified run interactive shell)")
flag.StringVar(&tunSpecStr, "t", "", "`tunnelspec` localPort:remotePort[,localPort:remotePort,...]")
flag.BoolVar(&gopt, "g", false, "ask server to generate authtoken") flag.BoolVar(&gopt, "g", false, "ask server to generate authtoken")
shellMode = true shellMode = true
flag.Usage = UsageShell flag.Usage = UsageShell
@ -613,12 +625,24 @@ func main() {
// Set up chaffing to server // Set up chaffing to server
conn.SetupChaff(chaffFreqMin, chaffFreqMax, chaffBytesMax) // enable client->server chaffing conn.SetupChaff(chaffFreqMin, chaffFreqMax, chaffBytesMax) // enable client->server chaffing
if chaffEnabled { if chaffEnabled {
conn.EnableChaff() conn.EnableChaff() // goroutine, returns immediately
defer conn.DisableChaff() defer conn.DisableChaff()
defer conn.ShutdownChaff() defer conn.ShutdownChaff()
} }
if shellMode { if shellMode {
// TODO: tunnel setup would be here or within doShellMode()
// TESTING - tunnel
remAddrs, _ := net.LookupHost(remoteHost)
t := requestTunnel(&conn, 6001, remAddrs[0], 7001)
_ = t
//t := hkexnet.TunEndpoint{DataPort: 6001, Peer: nil, TunPort: 7001}
//var bTmp bytes.Buffer
//binary.Write(&bTmp, binary.BigEndian, t.DataPort)
//conn.WritePacket(bTmp.Bytes(), hkexnet.CSOTunReq)
// END TESTING - tunnel
doShellMode(isInteractive, &conn, oldState, rec) doShellMode(isInteractive, &conn, oldState, rec)
} else { // copyMode } else { // copyMode
_, s := doCopyMode(&conn, pathIsDest, fileArgs, rec) _, s := doCopyMode(&conn, pathIsDest, fileArgs, rec)
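Review bot: `remAddrs[0]` on the line after `net.LookupHost(remoteHost)` is indexed without checking the discarded error or that the slice is non-empty, so a failed lookup panics the client after the handshake instead of producing an error. The request is also hard-coded to ports 6001/7001 and sent on every shell-mode session regardless of the new `-t` flag (`tunSpecStr` is declared and parsed but never read here), so every interactive connection asks the server to open a tunnel; gate it on `tunSpecStr != ""` until the spec parser exists. Relatedly, `requestTunnel` in this file drops the errors from `binary.Write` and `c.WritePacket`, so the caller cannot tell whether the request went out. `main` begins and continues outside this hunk.
```go
if shellMode {
	// TESTING - tunnel: only when the user asked for one, and only after a
	// successful lookup, so a DNS failure cannot panic here.
	if tunSpecStr != "" {
		remAddrs, err := net.LookupHost(remoteHost)
		if err != nil || len(remAddrs) == 0 {
			log.Printf("tunnel setup: cannot resolve %s: %v", remoteHost, err)
		} else {
			_ = requestTunnel(&conn, 6001, remAddrs[0], 7001)
		}
	}
	// END TESTING - tunnel
	doShellMode(isInteractive, &conn, oldState, rec)
// … unchanged: copyMode branch …
```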