-TODO items; scrub authCookie after use

This commit is contained in:
Russ Magee 2018-09-14 00:40:20 -07:00
parent c9eb6bcb38
commit 1efc1337df
2 changed files with 13 additions and 1 deletions

View File

@ -11,11 +11,18 @@ Architecture
(DONE) - Move hkexnet components other than key exchange into a proper hkex package (DONE) - Move hkexnet components other than key exchange into a proper hkex package
(ie., hkexsh imports hkex) - hkex should be usable for other client/svr utils, (ie., hkexsh imports hkex) - hkex should be usable for other client/svr utils,
ala 'hkex-netcat') ala 'hkex-netcat')
(parts split out into hkexnet/*, hkexsession.go)
- Make KEx fully-pluggable: isolate all code to do with Herradura into a - Make KEx fully-pluggable: isolate all code to do with Herradura into a
KEx-neutral pkg so it can be swapped out for other methods (eg., DH etc.) KEx-neutral pkg so it can be swapped out for other methods (eg., DH etc.)
Features Features
- Support for hkcp (hkex-cp) - secure file copy protocol (DONE) - Support for hkcp (hkex-cp) - secure file copy protocol
- (IN PROGRESS) auth tokens to allow scripted hkexsh/hkexcp use
* ~/.hkexsh_id file with multiple (host:token) entries
(Currently only one supported - need to support multiple lines for
multiple dest servers; also consider client sending host/ip used
to connect to server, so it can ensure the auth token matches that
used as servers can potentially be reached by multiple hostnames/IPs)
- hktun - tunnelling - multiple tunnel sessions co-existing w/shell sessions - hktun - tunnelling - multiple tunnel sessions co-existing w/shell sessions
Alternate transports for hkexsh.Conn - HTTP-mimicking traffic, ICMP, ... ? Alternate transports for hkexsh.Conn - HTTP-mimicking traffic, ICMP, ... ?

View File

@ -519,6 +519,7 @@ func main() {
} }
if len(authCookie) == 0 { if len(authCookie) == 0 {
//No auth token, prompt for password
fmt.Printf("Gimme cookie:") fmt.Printf("Gimme cookie:")
ab, err := hkexsh.ReadPassword(int(os.Stdin.Fd())) ab, err := hkexsh.ReadPassword(int(os.Stdin.Fd()))
fmt.Printf("\r\n") fmt.Printf("\r\n")
@ -541,6 +542,10 @@ func main() {
_, err = conn.Write(rec.Cmd()) _, err = conn.Write(rec.Cmd())
_, err = conn.Write(rec.AuthCookie(true)) _, err = conn.Write(rec.AuthCookie(true))
//Security scrub
authCookie = nil
runtime.GC()
// Read auth reply from server // Read auth reply from server
authReply := make([]byte, 1) // bool: 0 = fail, 1 = pass authReply := make([]byte, 1) // bool: 0 = fail, 1 = pass
_, err = conn.Read(authReply) _, err = conn.Read(authReply)