From 2bedf5409d6ea80552949d21f6bd7c6a5cbb4ee8 Mon Sep 17 00:00:00 2001 From: "Sam@host-20089" Date: Mon, 22 Nov 2021 15:19:16 +0800 Subject: [PATCH 01/14] up links --- go mod: gitee.com/g-devops/chisel up links 02 # Conflicts: # main.go --- .github/goreleaser.yml | 2 +- Dockerfile | 2 +- bench/main.go | 2 +- client/client.go | 2 +- go.mod | 2 +- main.go | 6 +++--- server/handler.go | 2 +- server/server.go | 2 +- 8 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/goreleaser.yml b/.github/goreleaser.yml index 77ca1d6..dcc3333 100644 --- a/.github/goreleaser.yml +++ b/.github/goreleaser.yml @@ -2,7 +2,7 @@ builds: - env: - CGO_ENABLED=0 ldflags: - - -s -w -X github.com/jpillora/chisel/share.BuildVersion={{.Version}} + - -s -w -X gitee.com/g-devops/chisel/share.BuildVersion={{.Version}} goos: - linux - darwin diff --git a/Dockerfile b/Dockerfile index e3e2073..4379f6f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ ENV CGO_ENABLED 0 ADD . /src WORKDIR /src RUN go build \ - -ldflags "-X github.com/jpillora/chisel/share.BuildVersion=$(git describe --abbrev=0 --tags)" \ + -ldflags "-X gitee.com/g-devops/chisel/share.BuildVersion=$(git describe --abbrev=0 --tags)" \ -o chisel # container stage FROM alpine diff --git a/bench/main.go b/bench/main.go index 30a867a..84ebe51 100644 --- a/bench/main.go +++ b/bench/main.go @@ -25,7 +25,7 @@ import ( "path" "strconv" - "github.com/jpillora/chisel/share" + chshare "gitee.com/g-devops/chisel/share" "time" ) diff --git a/client/client.go b/client/client.go index 3d77013..313689d 100644 --- a/client/client.go +++ b/client/client.go @@ -11,9 +11,9 @@ import ( "strings" "time" + chshare "gitee.com/g-devops/chisel/share" "github.com/gorilla/websocket" "github.com/jpillora/backoff" - chshare "github.com/jpillora/chisel/share" "golang.org/x/crypto/ssh" ) diff --git a/go.mod b/go.mod index 8832e69..8123f15 100644 --- a/go.mod +++ b/go.mod 
@@ -1,4 +1,4 @@ -module github.com/jpillora/chisel +module gitee.com/g-devops/chisel go 1.13 diff --git a/main.go b/main.go index 570b508..92e655d 100644 --- a/main.go +++ b/main.go @@ -8,9 +8,9 @@ import ( "os" "strconv" - "github.com/jpillora/chisel/client" - "github.com/jpillora/chisel/server" - chshare "github.com/jpillora/chisel/share" + chclient "gitee.com/g-devops/chisel/client" + chserver "gitee.com/g-devops/chisel/server" + chshare "gitee.com/g-devops/chisel/share" ) var help = ` diff --git a/server/handler.go b/server/handler.go index d48eeb6..cb68759 100644 --- a/server/handler.go +++ b/server/handler.go @@ -8,7 +8,7 @@ import ( "sync/atomic" "time" - chshare "github.com/jpillora/chisel/share" + chshare "gitee.com/g-devops/chisel/share" "golang.org/x/crypto/ssh" ) diff --git a/server/server.go b/server/server.go index 8a60dd5..7cf98d9 100644 --- a/server/server.go +++ b/server/server.go @@ -10,9 +10,9 @@ import ( "os" "regexp" + chshare "gitee.com/g-devops/chisel/share" socks5 "github.com/armon/go-socks5" "github.com/gorilla/websocket" - chshare "github.com/jpillora/chisel/share" "github.com/jpillora/requestlog" "golang.org/x/crypto/ssh" ) -- Gitee From f77fbc9a1098e7baca86aceda9b893e0694bdff0 Mon Sep 17 00:00:00 2001 From: littlematchboy Date: Tue, 8 Oct 2019 12:16:11 +0200 Subject: [PATCH 02/14] Support Unix Domain Socket --- README.md | 17 ++++++++++++++++- client/client.go | 13 ++++++++++++- main.go | 6 ++++++ server/handler.go | 21 ++++++++++++++++++++- server/server.go | 3 +++ share/remote.go | 44 ++++++++++++++++++++++++++++++++++++++++++-- share/ssh.go | 10 +++++++++- 7 files changed, 108 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index f71f9c5..5772fef 100644 --- a/README.md +++ b/README.md 
@@ -165,7 +165,21 @@ $ chisel client --help R:::: which does reverse port forwarding, sharing : - from the client to the server's :. + from the client to the server's :, or: + + ::unix:// + + ■ local-host defaults to 0.0.0.0 (all interfaces). + ■ local-port is required*. + ■ `path/to/unix/domain/socket` is the path to the domain socket to be connected. + + which shares the unix domain socket from the server to the client as + :, or + + R:::unix:// + + which does reverse forwarding, sharing the unix domain socket + `path/to/unix/domain/socket` from the client to the server's : example remotes @@ -175,6 +189,7 @@ $ chisel client --help 192.168.0.5:3000:google.com:80 socks 5000:socks + 5000:unix:///tmp/mysql.sock R:2222:localhost:22 When the chisel server has --socks5 enabled, remotes can diff --git a/client/client.go b/client/client.go index 313689d..f278402 100644 --- a/client/client.go +++ b/client/client.go @@ -8,6 +8,7 @@ import ( "net/http" "net/url" "regexp" + "runtime" "strings" "time" @@ -270,6 +271,7 @@ func (c *Client) Close() error { } func (c *Client) connectStreams(chans <-chan ssh.NewChannel) { + socketPrefix := "unix://" for ch := range chans { remote := string(ch.ExtraData()) stream, reqs, err := ch.Accept() @@ -279,6 +281,15 @@ func (c *Client) connectStreams(chans <-chan ssh.NewChannel) { } go ssh.DiscardRequests(reqs) l := c.Logger.Fork("conn#%d", c.connStats.New()) - go chshare.HandleTCPStream(l, &c.connStats, stream, remote) + if strings.HasPrefix(remote, socketPrefix) { + if runtime.GOOS != "linux" && runtime.GOOS != "darwin" { + c.Debugf("Unix domain socket is only supported on *nix system") + continue + } + remote := strings.TrimPrefix(remote, socketPrefix) + go chshare.HandleUnixDomainSocketStream(l, &c.connStats, stream, remote) + } else { + go chshare.HandleTCPStream(l, &c.connStats, stream, remote) + } } } diff --git a/main.go b/main.go index 92e655d..75759b2 100644 --- a/main.go +++ b/main.go 
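Review bot: In `connectStreams` the new `unix://` branch dials whatever path arrives in `ch.ExtraData()`, so the peer server decides which local socket this client opens, and nothing in the hunk compares the path with the reverse remotes the client was started with. Checking `remote` against the client's configured remotes before calling `HandleUnixDomainSocketStream` would keep a misbehaving server from reaching any socket the client process can open. Separately, the unsupported-OS path runs `continue` after `ch.Accept()` (preceding hunk) has already succeeded, which leaves `stream` open; add `stream.Close()` before the `continue`. The function starts and ends outside this hunk.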
@@ -129,6 +129,10 @@ var serverHelp = ` --reverse, Allow clients to specify reverse port forwarding remotes in addition to normal remotes. + + --uds, Allow clients to connect to unix domain sockets on remote targets. + This mode is only supported by *nix family (linux, osx) + ` + commonHelp func server(args []string) { @@ -146,6 +150,7 @@ func server(args []string) { reverse := flags.Bool("reverse", false, "") pid := flags.Bool("pid", false, "") verbose := flags.Bool("v", false, "") + uds := flags.Bool("uds", false, "") flags.Usage = func() { fmt.Print(serverHelp) @@ -178,6 +183,7 @@ func server(args []string) { Proxy: *proxy, Socks5: *socks5, Reverse: *reverse, + UdsOk: *uds, }) if err != nil { log.Fatal(err) diff --git a/server/handler.go b/server/handler.go index cb68759..0ee1f88 100644 --- a/server/handler.go +++ b/server/handler.go @@ -4,6 +4,7 @@ import ( "context" "io" "net/http" + "runtime" "strings" "sync/atomic" "time" @@ -108,6 +109,11 @@ func (s *Server) handleWebsocket(w http.ResponseWriter, req *http.Request) { failed(s.Errorf("Reverse port forwaring not enabled on server")) return } + if r.Uds && !s.udsOk { + clog.Debugf("Denied unix domain socket forwarding request, please enable --uds") + failed(s.Errorf("Unix domain socket not enabled on server")) + return + } } //if user is provided, ensure they have //access to the desired remotes @@ -159,6 +165,7 @@ func (s *Server) handleSSHRequests(clientLog *chshare.Logger, reqs <-chan *ssh.R } func (s *Server) handleSSHChannels(clientLog *chshare.Logger, chans <-chan ssh.NewChannel) { + socketPrefix := "unix://" for ch := range chans { remote := string(ch.ExtraData()) socks := remote == "socks" 
@@ -176,10 +183,22 @@ func (s *Server) handleSSHChannels(clientLog *chshare.Logger, chans <-chan ssh.N } go ssh.DiscardRequests(reqs) //handle stream type - connID := s.connStats.New() if socks { + connID := s.connStats.New() go s.handleSocksStream(clientLog.Fork("socksconn#%d", connID), stream) + } else if strings.HasPrefix(remote, socketPrefix) { + if !s.udsOk { + clientLog.Debugf("Unix domain socket is not allowed by the server") + } + if runtime.GOOS != "linux" && runtime.GOOS != "darwin" { + clientLog.Debugf("Unix domain socket is only supported on *nix system") + continue + } + remote := strings.TrimPrefix(remote, socketPrefix) + connID := s.connStats.New() + go chshare.HandleUnixDomainSocketStream(clientLog.Fork("unixconn#%d", connID), &s.connStats, stream, remote) } else { + connID := s.connStats.New() go chshare.HandleTCPStream(clientLog.Fork("conn#%d", connID), &s.connStats, stream, remote) } } diff --git a/server/server.go b/server/server.go index 7cf98d9..337bcfd 100644 --- a/server/server.go +++ b/server/server.go @@ -25,6 +25,7 @@ type Config struct { Proxy string Socks5 bool Reverse bool + UdsOk bool } // Server respresent a chisel service @@ -40,6 +41,7 @@ type Server struct { sshConfig *ssh.ServerConfig users *chshare.UserIndex reverseOk bool + udsOk bool } var upgrader = websocket.Upgrader{ @@ -55,6 +57,7 @@ func NewServer(config *Config) (*Server, error) { Logger: chshare.NewLogger("server"), sessions: chshare.NewUsers(), reverseOk: config.Reverse, + udsOk: config.UdsOk, } s.Info = true s.users = chshare.NewUserIndex(s.Logger) diff --git a/share/remote.go b/share/remote.go index 3aad30e..b6250f1 100644 --- a/share/remote.go +++ b/share/remote.go @@ -3,7 +3,9 @@ package chshare import ( "errors" "net/url" + "os" "regexp" + "runtime" "strings" ) 
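Review bot: In `handleSSHChannels` the `if !s.udsOk` branch only logs and then falls through, so a channel whose extra data starts with `unix://` is still dialled when `--uds` is off; the handshake check in `handleWebsocket` covers only the remotes the client chose to declare. Make the branch terminal by following the `Debugf` with `stream.Close()` and `continue`. The unsupported-OS `continue` just below also leaves the accepted `stream` open and wants the same `stream.Close()`. Patch 03's rename hunk (`if !s.UdsMode`) keeps the same fall-through, and the loop body starts in the previous hunk.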
@@ -17,16 +19,24 @@ import ( // 3000:google.com:80 -> // local 127.0.0.1:3000 // remote google.com:80 +// 3000:unix:///tmp/mysql.sock -> +// local 127.0.0.1:3000 +// remote (local sock) /tmp/mysql.sock +// R:unix:///tmp/mysql.sock:3000 -> +// local (local sock) /tmp/mysql.sock +// remote 127.0.0.1:3000 // 192.168.0.1:3000:google.com:80 -> // local 192.168.0.1:3000 // remote google.com:80 type Remote struct { LocalHost, LocalPort, RemoteHost, RemotePort string - Socks, Reverse bool + Socks, Uds, Reverse bool } const revPrefix = "R:" +const udsScheme = "unix" +const udsPrefix = udsScheme + "://" func DecodeRemote(s string) (*Remote, error) { reverse := false @@ -60,6 +70,21 @@ func DecodeRemote(s string) (*Remote, error) { } continue } + //last part unix://path/to/unix/domain/socket + if i == len(parts)-1 && isUds(udsScheme+":"+p) { + udsPath := strings.TrimPrefix(p, "//") + if reverse { + if runtime.GOOS != "linux" && runtime.GOOS != "darwin" { + return nil, errors.New("Unix domain socket is only supported on *nix system") + } + if _, err := os.Stat(udsPath); os.IsNotExist(err) { + return nil, errors.New("Unix domain socket " + udsPath + " does not exist!") + } + } + r.RemotePort = udsPath + r.Uds = true + continue + } if !r.Socks && (r.RemotePort == "" && r.LocalPort == "") { return nil, errors.New("Missing ports") } @@ -90,6 +115,17 @@ func DecodeRemote(s string) (*Remote, error) { var isPortRegExp = regexp.MustCompile(`^\d+$`) +func isUds(s string) bool { + if !strings.HasPrefix(s, udsPrefix) { + return false + } + url, err := url.Parse(s) + if err != nil || s != udsPrefix+url.Hostname()+url.Path { + return false + } + return true +} + func isPort(s string) bool { if !isPortRegExp.MatchString(s) { return false @@ -118,5 +154,9 @@ func (r *Remote) Remote() string { if r.Socks { return "socks" } - return r.RemoteHost + ":" + r.RemotePort + joiner := ":" + if r.Uds { + joiner += "//" + } + return r.RemoteHost + joiner + r.RemotePort } 
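Review bot: The existence check in the reverse branch, `if _, err := os.Stat(udsPath); os.IsNotExist(err)`, treats every other stat failure (permission denied, for example) as success and never checks that the path is a socket. Keep the `FileInfo` and return an error on any `err != nil` or when `fi.Mode()&os.ModeSocket == 0`. The two new error strings are capitalised and one ends in `!`, which goes against the usual Go error-string convention. `DecodeRemote` starts and ends outside this hunk.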
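Review bot: `isUds` accepts `unix://tmp/x` as well as `unix:///tmp/x`, because the host part is folded back in by `udsPrefix+url.Hostname()+url.Path`; after `strings.TrimPrefix(p, "//")` in `DecodeRemote` that yields the relative path `tmp/x`, resolved against the working directory of whichever side dials it. Requiring an empty host and an absolute path, e.g. `if err != nil || u.Host != "" || !strings.HasPrefix(u.Path, "/") { return false }`, closes that. The local `url, err := url.Parse(s)` also shadows the imported `net/url` package; naming it `u` avoids that.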
diff --git a/share/ssh.go b/share/ssh.go index 610c59b..3f1b4a3 100644 --- a/share/ssh.go +++ b/share/ssh.go @@ -44,7 +44,15 @@ func FingerprintKey(k ssh.PublicKey) string { } func HandleTCPStream(l *Logger, connStats *ConnStats, src io.ReadWriteCloser, remote string) { - dst, err := net.Dial("tcp", remote) + HandleDuplexStream(l, connStats, src, "tcp", remote) +} + +func HandleUnixDomainSocketStream(l *Logger, connStats *ConnStats, src io.ReadWriteCloser, remote string) { + HandleDuplexStream(l, connStats, src, "unix", remote) +} + +func HandleDuplexStream(l *Logger, connStats *ConnStats, src io.ReadWriteCloser, protocol string, remote string) { + dst, err := net.Dial(protocol, remote) if err != nil { l.Debugf("Remote failed (%s)", err) src.Close() -- Gitee From ed542dd51a9bb204de7b985308b8529326218f2d Mon Sep 17 00:00:00 2001 From: "sam@23.199" Date: Fri, 1 Apr 2022 21:58:44 +0800 Subject: [PATCH 03/14] UdsOK > UdsMode --- main.go | 2 +- server/handler.go | 4 ++-- server/server.go | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/main.go b/main.go index 75759b2..73f25b2 100644 --- a/main.go +++ b/main.go @@ -183,7 +183,7 @@ func server(args []string) { Proxy: *proxy, Socks5: *socks5, Reverse: *reverse, - UdsOk: *uds, + UdsMode: *uds, }) if err != nil { log.Fatal(err) diff --git a/server/handler.go b/server/handler.go index 0ee1f88..9b38e75 100644 --- a/server/handler.go +++ b/server/handler.go @@ -109,7 +109,7 @@ func (s *Server) handleWebsocket(w http.ResponseWriter, req *http.Request) { failed(s.Errorf("Reverse port forwaring not enabled on server")) return } - if r.Uds && !s.udsOk { + if r.Uds && !s.UdsMode { clog.Debugf("Denied unix domain socket forwarding request, please enable --uds") failed(s.Errorf("Unix domain socket not enabled on server")) return 
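Review bot: `HandleDuplexStream` is exported and hands its `protocol` argument straight to `net.Dial`, and none of the three functions carries a doc comment saying who is expected to have authorised `remote`. Either keep the generic helper unexported (`func handleDuplexStream(...)`) so callers go through the TCP and Unix wrappers, or document the contract, e.g. `// HandleDuplexStream dials remote over protocol ("tcp" or "unix") and pipes src to it; callers must already have validated remote.` The function body continues past the end of the hunk.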
@@ -187,7 +187,7 @@ func (s *Server) handleSSHChannels(clientLog *chshare.Logger, chans <-chan ssh.N connID := s.connStats.New() go s.handleSocksStream(clientLog.Fork("socksconn#%d", connID), stream) } else if strings.HasPrefix(remote, socketPrefix) { - if !s.udsOk { + if !s.UdsMode { clientLog.Debugf("Unix domain socket is not allowed by the server") } if runtime.GOOS != "linux" && runtime.GOOS != "darwin" { diff --git a/server/server.go b/server/server.go index 337bcfd..30442c1 100644 --- a/server/server.go +++ b/server/server.go @@ -25,7 +25,7 @@ type Config struct { Proxy string Socks5 bool Reverse bool - UdsOk bool + UdsMode bool } // Server respresent a chisel service @@ -41,7 +41,7 @@ type Server struct { sshConfig *ssh.ServerConfig users *chshare.UserIndex reverseOk bool - udsOk bool + UdsMode bool } var upgrader = websocket.Upgrader{ @@ -57,7 +57,7 @@ func NewServer(config *Config) (*Server, error) { Logger: chshare.NewLogger("server"), sessions: chshare.NewUsers(), reverseOk: config.Reverse, - udsOk: config.UdsOk, + UdsMode: config.UdsMode, } s.Info = true s.users = chshare.NewUserIndex(s.Logger) -- Gitee From 3c0e987b3d76fde2cce901b36e91c3bf88a6e8c1 Mon Sep 17 00:00:00 2001 From: "sam@23.199" Date: Sat, 2 Apr 2022 13:48:21 +0800 Subject: [PATCH 04/14] remote.go: struct Remote: +RemoteUds, LocalUds string --- anay: notes remote.go MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit anay: DecodeRemote// 解析组装remote结构体: 只在client端调用 remote.go: //local: unixSocket模式 --- share/remote.go | 52 ++++++++++++++++++++++++++++++++++++------------- 1 file changed, 39 insertions(+), 13 deletions(-) diff --git a/share/remote.go b/share/remote.go index b6250f1..f7fdc8c 100644 --- a/share/remote.go +++ b/share/remote.go 
@@ -19,18 +19,20 @@ import ( // 3000:google.com:80 -> // local 127.0.0.1:3000 // remote google.com:80 -// 3000:unix:///tmp/mysql.sock -> +// 192.168.0.1:3000:google.com:80 -> +// local 192.168.0.1:3000 +// remote google.com:80 + +// +// 3000:unix:///tmp/mysql.sock -> ##OK // local 127.0.0.1:3000 // remote (local sock) /tmp/mysql.sock -// R:unix:///tmp/mysql.sock:3000 -> +// R:unix:///tmp/mysql.sock:3000 -> ##ERR? // local (local sock) /tmp/mysql.sock // remote 127.0.0.1:3000 -// 192.168.0.1:3000:google.com:80 -> -// local 192.168.0.1:3000 -// remote google.com:80 type Remote struct { - LocalHost, LocalPort, RemoteHost, RemotePort string + LocalHost, LocalPort, RemoteHost, RemotePort, RemoteUds, LocalUds string Socks, Uds, Reverse bool } @@ -38,6 +40,7 @@ const revPrefix = "R:" const udsScheme = "unix" const udsPrefix = udsScheme + "://" +// 解析组装remote结构体: 只在client端调用 func DecodeRemote(s string) (*Remote, error) { reverse := false if strings.HasPrefix(s, revPrefix) { @@ -49,6 +52,9 @@ func DecodeRemote(s string) (*Remote, error) { return nil, errors.New("Invalid remote") } r := &Remote{Reverse: reverse} + r.RemoteUds="tcpMode" + r.LocalUds="tcpMode" + for i := len(parts) - 1; i >= 0; i-- { p := parts[i] //last part "socks"? @@ -71,8 +77,10 @@ func DecodeRemote(s string) (*Remote, error) { continue } //last part unix://path/to/unix/domain/socket - if i == len(parts)-1 && isUds(udsScheme+":"+p) { - udsPath := strings.TrimPrefix(p, "//") + // R:127.0.0.1:XXX:UNIX:///tmp/xx1.socket + // isUds(udsScheme+":"+p) ##由于unix://本身被分割了 + if i == len(parts)-1 && isUds(udsScheme+":"+p) { //i == len(parts)-1; + udsPath := strings.TrimPrefix(p, "//") //直接记录的 /tmp/xx1.socket到rPort内 if reverse { if runtime.GOOS != "linux" && runtime.GOOS != "darwin" { return nil, errors.New("Unix domain socket is only supported on *nix system") 
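Review bot: `r.RemoteUds="tcpMode"` and `r.LocalUds="tcpMode"` make a magic string the marker for "not a socket", so any `Remote` not built by `DecodeRemote` (a zero value, or presumably one decoded from a peer that does not send these fields) carries empty strings and is treated as a socket remote with an empty path by the `"tcpMode" == ...` tests added in patches 05 and 06. Letting the empty string mean TCP (`if r.LocalUds == ""`) keeps the zero value safe and removes the two assignments. If a marker is kept, it should be a named package constant rather than a repeated literal. The added lines are not gofmt-clean.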
@@ -81,10 +89,28 @@ func DecodeRemote(s string) (*Remote, error) { return nil, errors.New("Unix domain socket " + udsPath + " does not exist!") } } - r.RemotePort = udsPath + r.RemotePort = udsPath //写到rPort; + r.RemoteUds = udsPath //+ r.Uds = true continue } + //local: unixSocket模式 + if isUds(udsScheme+":"+p) { + udsPath := strings.TrimPrefix(p, "//") + if reverse { + if runtime.GOOS != "linux" && runtime.GOOS != "darwin" { + return nil, errors.New("Unix domain socket is only supported on *nix system") + } + /* if _, err := os.Stat(udsPath); os.IsNotExist(err) { + return nil, errors.New("Unix domain socket " + udsPath + " does not exist!") + } */ + } + // r.LocalPort = udsPath //写到lPort; + r.LocalUds = udsPath //+ + r.Uds = true + continue + } + //Socks if !r.Socks && (r.RemotePort == "" && r.LocalPort == "") { return nil, errors.New("Missing ports") } @@ -97,6 +123,7 @@ func DecodeRemote(s string) (*Remote, error) { r.LocalHost = p } } + //Host emp: fill data if r.LocalHost == "" { if r.Socks { r.LocalHost = "127.0.0.1" @@ -113,8 +140,6 @@ func DecodeRemote(s string) (*Remote, error) { return r, nil } -var isPortRegExp = regexp.MustCompile(`^\d+$`) - func isUds(s string) bool { if !strings.HasPrefix(s, udsPrefix) { return false @@ -126,6 +151,7 @@ func isUds(s string) bool { return true } +var isPortRegExp = regexp.MustCompile(`^\d+$`) func isPort(s string) bool { if !isPortRegExp.MatchString(s) { return false @@ -142,7 +168,7 @@ func isHost(s string) bool { } //implement Stringer -func (r *Remote) String() string { +func (r *Remote) String() string { // tag := "" if r.Reverse { tag = revPrefix @@ -150,7 +176,7 @@ func (r *Remote) String() string { return tag + r.LocalHost + ":" + r.LocalPort + "=>" + r.Remote() } -func (r *Remote) Remote() string { +func (r *Remote) Remote() string { // if r.Socks { return "socks" } -- Gitee From ae36617d9eaf76f2cd8c76e27aedc19f6b3926f1 Mon Sep 17 00:00:00 2001 
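Review bot: In the new local-socket branch the OS check sits under `if reverse`, but per the README text in patch 02 a reverse remote's local side is opened on the server, so this tests the client's `runtime.GOOS` for a socket the server would create, while the non-reverse case (socket created by this client) gets no check at all. The condition looks inverted; `if !reverse {` would match where the listener actually lives. With the `os.Stat` block commented out the path is otherwise accepted as given, so any validation has to happen where `LocalUds` is bound. `DecodeRemote` extends beyond this hunk.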
From: "sam@23.199" Date: Sat, 2 Apr 2022 17:20:22 +0800 Subject: [PATCH 05/14] =?UTF-8?q?remote.go:=20fix=20Remote.go=E5=8F=96?= =?UTF-8?q?=E5=80=BC;=20udsTest=20OK=20---=20anay:=20Remote()=20=E5=8F=AA?= =?UTF-8?q?=E8=A2=ABproxy.go=20>=20accept=E4=B8=80=E5=A4=84=E8=B0=83?= =?UTF-8?q?=E7=94=A8;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Remote(): // TODO: 改从RemoteUds内取值 --- share/remote.go | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) diff --git a/share/remote.go b/share/remote.go index f7fdc8c..bd2363a 100644 --- a/share/remote.go +++ b/share/remote.go @@ -23,7 +23,7 @@ import ( // local 192.168.0.1:3000 // remote google.com:80 -// +// // 3000:unix:///tmp/mysql.sock -> ##OK // local 127.0.0.1:3000 // remote (local sock) /tmp/mysql.sock @@ -114,6 +114,10 @@ func DecodeRemote(s string) (*Remote, error) { if !r.Socks && (r.RemotePort == "" && r.LocalPort == "") { return nil, errors.New("Missing ports") } + //不干扰原模式: 第一个unix及rHost都不写入Remote主机字段 + if p == "unix" { //skip host set, 之前模式是用到的: .Remote() 拼接: unix+":"+"//"+rPort + continue + } if !isHost(p) { return nil, errors.New("Invalid host") } 
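Review bot: `if p == "unix" { continue }` runs for every remote, not only socket ones, so a TCP remote whose host is literally `unix` (for example `3000:unix:80`) now loses its host and presumably picks up whatever default the host-fill step below assigns instead of resolving that name. Restrict the skip to socket remotes: `if r.Uds && p == udsScheme { continue }`. The enclosing loop starts outside the hunk.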
@@ -173,16 +177,45 @@ func (r *Remote) String() string { // if r.Reverse { tag = revPrefix } - return tag + r.LocalHost + ":" + r.LocalPort + "=>" + r.Remote() + bind:= "" + if "tcpMode" == r.LocalUds { + bind= r.LocalHost + ":" + r.LocalPort + } else { + bind= r.LocalUds + } + return tag + bind + "=>" + r.Remote() } -func (r *Remote) Remote() string { // +// 只proxy.go> accept一处用到: bind的端口做accept时, sshConn建立远端的channel; +// TODO: 改从RemoteUds内取值: (当r.Uds时 当前回的串格式?) +func (r *Remote) Remote00() string { //拼装获取remote地址: rHost+rPort if r.Socks { return "socks" } joiner := ":" if r.Uds { joiner += "//" - } + } + + //uds时socket路径存放于rPort, rHost直接为空? just: :///var/run/xxx.socket?? ##host 应该为unix; + // log: r.RemoteHost + joiner + r.RemotePort return r.RemoteHost + joiner + r.RemotePort } +func (r *Remote) Remote() string { //拼装获取remote地址: rHost+rPort + if r.Socks { + return "socks" + } + joiner := ":" + /* if r.Uds { + joiner += "//" + } */ + + //uds时socket路径存放于rPort, rHost直接为空? just: :///var/run/xxx.socket?? ##host 应该为unix; + // log: r.RemoteHost + joiner + r.RemotePort + if "tcpMode" == r.RemoteUds { + return r.RemoteHost + joiner + r.RemotePort + } else { + return "unix://"+r.RemoteUds + } + +} \ No newline at end of file -- Gitee From 0978a76c7540dfeeb6d180c95cd91050eaf4cfe7 Mon Sep 17 00:00:00 2001 From: "sam@23.199" Date: Sat, 2 Apr 2022 15:15:28 +0800 Subject: [PATCH 06/14] =?UTF-8?q?proxy.go:=20listen=5Fuds:=20tested=20ok?= =?UTF-8?q?=20---=20anay:=20proxy=E5=8F=96localHost,Port=E4=BF=A1=E6=81=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit cp listen_uds proxy支持uds --- proxy > Start绑端口判断 LocalUds LocalPort; > 改存于LocalUds内 fix format --- share/proxy.go | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/share/proxy.go b/share/proxy.go index 862a5d7..46f500b 100644 --- a/share/proxy.go +++ b/share/proxy.go 
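Review bot: `Remote00` is the previous body of `Remote()` kept as a second exported method with no caller shown on this page; delete it so the package API does not carry a variant that builds the address differently. In `String()` and `Remote()` the comparisons read more naturally as `r.LocalUds == "tcpMode"`. The hunk also needs a gofmt pass (`bind:= ""`, `bind= ...`, trailing whitespace) and a newline at end of file.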
@@ -5,6 +5,7 @@ import ( "fmt" "io" "net" + "os" "github.com/jpillora/sizestr" "golang.org/x/crypto/ssh" @@ -30,8 +31,32 @@ func NewTCPProxy(logger *Logger, ssh GetSSHConn, index int, remote *Remote) *TCP } } +func listen_uds(sockpath string) (net.Listener, error) { + // hand: touch /data/unix.socket + // sockpath := "/tmp/t1_unix.socket" + os.Remove(sockpath) + + // unix socket + addr, err := net.ResolveUnixAddr("unix", sockpath) + if err != nil { + panic("Cannot resolve unix addr: " + err.Error()) + } + fmt.Println(addr.String()) + + listener, err := net.ListenUnix("unix", addr) + + return listener, nil +} +//被ser.handler; client两端共用 func (p *TCPProxy) Start(ctx context.Context) error { - l, err := net.Listen("tcp4", p.remote.LocalHost+":"+p.remote.LocalPort) + //if LocalUds非空 + var l net.Listener; var err error + if "tcpMode" == p.remote.LocalUds { + l, err = net.Listen("tcp4", p.remote.LocalHost+":"+p.remote.LocalPort) //localHost > bindHost, bindPort + } else { + l, err = listen_uds(p.remote.LocalUds) //只用LocalPort即可; > 改存于LocalUds内 + } + if err != nil { return fmt.Errorf("%s: %s", p.Logger.Prefix(), err) } -- Gitee From b617ddf3f298f2c9df2f355ea26f1f22c45c0b71 Mon Sep 17 00:00:00 2001 From: "sam@23.199" Date: Sat, 2 Apr 2022 19:48:04 +0800 Subject: [PATCH 07/14] client.go: Remote jsonView # Conflicts: # client/client.go --- client/client.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/client/client.go b/client/client.go index f278402..b324a70 100644 --- a/client/client.go +++ b/client/client.go @@ -11,6 +11,7 @@ import ( "runtime" "strings" "time" + "encoding/json" chshare "gitee.com/g-devops/chisel/share" "github.com/gorilla/websocket" @@ -75,6 +76,10 @@ func NewClient(config *Config) (*Client, error) { return nil, fmt.Errorf("Failed to decode remote '%s': %s", s, err) } shared.Remotes = append(shared.Remotes, r) + + //jsonView + data, _:= json.Marshal(r) + fmt.Println(string(data)) } config.shared = shared client := &Client{ -- Gitee 
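Review bot: `listen_uds` discards the error from `net.ListenUnix` and ends with `return listener, nil`, so a failed bind hands `Start` a non-nil `net.Listener` wrapping a nil `*net.UnixListener`, and the `if err != nil` check there never fires. It also calls `os.Remove(sockpath)` unconditionally and panics on a resolve error; for reverse remotes `LocalUds` appears to originate from the connecting client, so the server would unlink whatever path that client names. Return the errors to the caller and remove a pre-existing path only when it is a socket; restricting `LocalUds` to an operator-configured directory would be a further step that this page does not show a setting for. `Start` continues outside the hunk.

```go
func listen_uds(sockpath string) (net.Listener, error) {
	// Clear only a stale socket; never unlink a regular file or directory.
	if fi, err := os.Lstat(sockpath); err == nil {
		if fi.Mode()&os.ModeSocket == 0 {
			return nil, fmt.Errorf("%s exists and is not a unix socket", sockpath)
		}
		if err := os.Remove(sockpath); err != nil {
			return nil, err
		}
	} else if !os.IsNotExist(err) {
		return nil, err
	}

	addr, err := net.ResolveUnixAddr("unix", sockpath)
	if err != nil {
		return nil, err
	}
	l, err := net.ListenUnix("unix", addr)
	if err != nil {
		// Return a literal nil so the caller never sees a typed-nil listener.
		return nil, err
	}
	return l, nil
}
```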
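Review bot: The added `fmt.Println(string(data))` in `NewClient` writes every decoded remote to stdout on each start and drops the `json.Marshal` error with `data, _:=`. A constructor in a library package should not print unconditionally; remove the block, or move it after the `Client` is built and emit it through `client.Debugf` so it only appears in verbose mode. The function starts and ends outside this hunk.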
From 7372d4fa5d6832b1047e98d4a2142e514b28f64e Mon Sep 17 00:00:00 2001 From: "sam@23.199" Date: Fri, 1 Apr 2022 14:40:54 +0800 Subject: [PATCH 08/14] squash: example --- cp clear main.go MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit rename clientRun clear cli cli conn *reverse = true // go test mode t1 8998> 18998 >> 28998 curl --unix-socket /tmp/t1_unix.socket http://localhost "go.testTimeout": "1h",; debug调试可退进程 ig --- example/.gitignore | 1 + example/clientRun.go | 76 ++++++++++++++++ example/serverRun.go | 167 ++++++++++++++++++++++++++++++++++ example/server_client_test.go | 23 +++++ example/t1/main.go | 104 +++++++++++++++++++++ 5 files changed, 371 insertions(+) create mode 100644 example/.gitignore create mode 100644 example/clientRun.go create mode 100644 example/serverRun.go create mode 100644 example/server_client_test.go create mode 100644 example/t1/main.go diff --git a/example/.gitignore b/example/.gitignore new file mode 100644 index 0000000..6f69394 --- /dev/null +++ b/example/.gitignore @@ -0,0 +1 @@ +__*_bin diff --git a/example/clientRun.go b/example/clientRun.go new file mode 100644 index 0000000..1bcf52a --- /dev/null +++ b/example/clientRun.go 
@@ -0,0 +1,76 @@ +package example + +import ( + "flag" + "strings" + // "fmt" + // "io/ioutil" + "log" + "os" + + // "strconv" + + chclient "gitee.com/g-devops/chisel/client" + // chserver "gitee.com/g-devops/chisel/server" + chshare "gitee.com/g-devops/chisel/share" +) + +func main2() { + args := flag.Args() + // server(args) + client(args) +} + +func client(args []string) { + flags := flag.NewFlagSet("client", flag.ContinueOnError) + + fingerprint := flags.String("fingerprint", "", "") + auth := flags.String("auth", "", "") + keepalive := flags.Duration("keepalive", 0, "") + maxRetryCount := flags.Int("max-retry-count", -1, "") + maxRetryInterval := flags.Duration("max-retry-interval", 0, "") + proxy := flags.String("proxy", "", "") + // pid := flags.Bool("pid", false, "") + hostname := flags.String("hostname", "", "") + verbose := flags.Bool("v", false, "") + /* flags.Usage = func() { + fmt.Print(clientHelp) + os.Exit(1) + } */ + flags.Parse(args) + //pull out options, put back remaining args + args = flags.Args() + if *auth == "" { + *auth = os.Getenv("AUTH") + } + + // ser:= args[0] + // remotes:= args[1:] + + // str:= "R:127.0.0.1:18998:localhost:8998" //"aa|bb" + str:= "R:127.0.0.1:18998:localhost:8998|127.0.0.1:28998:localhost:18998" + ser:= "localhost:8080" + remotes:= strings.Split(str, "|") + c, err := chclient.NewClient(&chclient.Config{ + Fingerprint: *fingerprint, + Auth: *auth, + KeepAlive: *keepalive, + MaxRetryCount: *maxRetryCount, + MaxRetryInterval: *maxRetryInterval, + HTTPProxy: *proxy, + Server: ser, + Remotes: remotes, + HostHeader: *hostname, + }) + if err != nil { + log.Fatal(err) + } + c.Debug = *verbose + /* if *pid { + generatePidFile() + } */ + go chshare.GoStats() + if err = c.Run(); err != nil { + log.Fatal(err) + } +} diff --git a/example/serverRun.go b/example/serverRun.go new file mode 100644 index 0000000..4aa5f13 --- /dev/null +++ b/example/serverRun.go 
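Review bot: `flags.Parse(args)` is called on a `flag.ContinueOnError` set and its error is dropped, so a mistyped flag is silently ignored and the client runs with defaults, including an empty `-fingerprint`, which presumably means the server key is not pinned. Check it: `if err := flags.Parse(args); err != nil { log.Fatal(err) }`. The hard-coded `ser` and `str` values also override whatever positional arguments were passed, which deserves a comment at the top of `client` saying this is a fixed local demo. `main2` is never called from the code shown.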
@@ -0,0 +1,167 @@ +package example + +import ( + "flag" + // "fmt" + // "io/ioutil" + "log" + "os" + // "strconv" + + // chclient "gitee.com/g-devops/chisel/client" + chserver "gitee.com/g-devops/chisel/server" + chshare "gitee.com/g-devops/chisel/share" +) + +func main1() { + + /* version := flag.Bool("version", false, "") + v := flag.Bool("v", false, "") + flag.Bool("help", false, "") + flag.Bool("h", false, "") + flag.Usage = func() {} + flag.Parse() + + if *version || *v { + fmt.Println(chshare.BuildVersion) + os.Exit(1) + } */ + + /* args := flag.Args() + + subcmd := "" + if len(args) > 0 { + subcmd = args[0] + args = args[1:] + } + + switch subcmd { + case "server": + server(args) + case "client": + client(args) + default: + fmt.Fprintf(os.Stderr, help) + os.Exit(1) + } */ + + args := flag.Args() + server(args) + // client(args) +} + +func server(args []string) { + + flags := flag.NewFlagSet("server", flag.ContinueOnError) + + host := flags.String("host", "", "") + // p := flags.String("p", "", "") + port := flags.String("port", "", "") + key := flags.String("key", "", "") + authfile := flags.String("authfile", "", "") + auth := flags.String("auth", "", "") + proxy := flags.String("proxy", "", "") + socks5 := flags.Bool("socks5", false, "") + reverse := flags.Bool("reverse", false, "") + // pid := flags.Bool("pid", false, "") + verbose := flags.Bool("v", false, "") + uds := flags.Bool("uds", false, "") + + /* flags.Usage = func() { + fmt.Print(serverHelp) + os.Exit(1) + } */ + flags.Parse(args) + + /* if *host == "" { + *host = os.Getenv("HOST") + } + if *host == "" { + *host = "0.0.0.0" + } + if *port == "" { + *port = *p + } + if *port == "" { + *port = os.Getenv("PORT") + } + if *port == "" { + *port = "8080" + } + if *key == "" { + *key = os.Getenv("CHISEL_KEY") + } */ + + *port = "8080" + *key = os.Getenv("CHISEL_KEY") + *reverse = true // + s, err := chserver.NewServer(&chserver.Config{ + KeySeed: *key, + AuthFile: *authfile, + Auth: *auth, + Proxy: 
*proxy, + Socks5: *socks5, + Reverse: *reverse, + UdsOk: *uds, + }) + if err != nil { + log.Fatal(err) + } + s.Debug = *verbose + /* if *pid { + generatePidFile() + } */ + go chshare.GoStats() + if err = s.Run(*host, *port); err != nil { + log.Fatal(err) + } +} + +// func client(args []string) { + +// flags := flag.NewFlagSet("client", flag.ContinueOnError) + +// fingerprint := flags.String("fingerprint", "", "") +// auth := flags.String("auth", "", "") +// keepalive := flags.Duration("keepalive", 0, "") +// maxRetryCount := flags.Int("max-retry-count", -1, "") +// maxRetryInterval := flags.Duration("max-retry-interval", 0, "") +// proxy := flags.String("proxy", "", "") +// // pid := flags.Bool("pid", false, "") +// hostname := flags.String("hostname", "", "") +// verbose := flags.Bool("v", false, "") +// /* flags.Usage = func() { +// fmt.Print(clientHelp) +// os.Exit(1) +// } */ +// flags.Parse(args) +// //pull out options, put back remaining args +// args = flags.Args() +// if *auth == "" { +// *auth = os.Getenv("AUTH") +// } + + +// c, err := chclient.NewClient(&chclient.Config{ +// Fingerprint: *fingerprint, +// Auth: *auth, +// KeepAlive: *keepalive, +// MaxRetryCount: *maxRetryCount, +// MaxRetryInterval: *maxRetryInterval, +// HTTPProxy: *proxy, +// Server: args[0], +// Remotes: args[1:], +// HostHeader: *hostname, +// }) +// if err != nil { +// log.Fatal(err) +// } +// c.Debug = *verbose +// /* if *pid { +// generatePidFile() +// } */ +// go chshare.GoStats() +// if err = c.Run(); err != nil { +// log.Fatal(err) +// } +// } diff --git a/example/server_client_test.go b/example/server_client_test.go new file mode 100644 index 0000000..562d92d --- /dev/null +++ b/example/server_client_test.go 
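Review bot: `UdsOk: *uds` in the `chserver.Config` literal names a field that patch 03 of this series renamed to `UdsMode`, so applied in series order this file should not compile unless a later patch fixes it; use `UdsMode: *uds`. The example also forces `*reverse = true` while the host defaulting block is commented out and `Auth`/`AuthFile` stay empty unless flags are passed, so running it presumably exposes an unauthenticated reverse-forwarding server on port 8080. A loopback default such as `*host = "127.0.0.1"` and a header comment saying the file is for local testing only would make that explicit. As in the client example, the result of `flags.Parse(args)` is ignored.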
@@ -0,0 +1,23 @@ +package example + +import ( + "fmt" + "testing" + "flag" +) + +// .config/Code/User/settings.json << "go.testFlags": ["-v"], "go.testTimeout": "1h", +func Test1(t *testing.T){ + fmt.Println("hello sam") +} + +// debugMode: 可停止退出进程 +func Test_server(t *testing.T){ + args := flag.Args() + server(args) +} +func Test_client(t *testing.T){ + args := flag.Args() + // server(args) + client(args) +} diff --git a/example/t1/main.go b/example/t1/main.go new file mode 100644 index 0000000..aa6374d --- /dev/null +++ b/example/t1/main.go 
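Review bot: `Test_server` and `Test_client` call `server(args)` and `client(args)`, which block in `Run` and leave through `log.Fatal`, so a plain `go test ./...` either hangs while holding port 8080 or kills the test binary. Keep them out of the default run with a build constraint at the top of the file, e.g. `// +build manual` (tag name is only an example; the module declares `go 1.13`), or an explicit `t.Skip` unless an opt-in environment variable is set. `Test1` only prints and asserts nothing, so it can be dropped.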
@@ -0,0 +1,104 @@ +package main + +// https://www.cnblogs.com/walkinginthesun/p/10397539.html +import ( + "context" + "fmt" + "io" + "io/ioutil" + "log" + "net" + "net/http" + "time" + "os" +) + +var handlersMap = make(map[string]http.HandlerFunc) + +func f1(w http.ResponseWriter, r *http.Request) { + io.WriteString(w, "software is healthy\n") +} + +type bluetool struct { +} + +func (bt *bluetool) ServeHTTP(w http.ResponseWriter, r *http.Request) { + msg := fmt.Sprintf("url is %s\n",r.URL.String()) + io.WriteString(w, msg) + if h, ok := handlersMap[r.URL.String()]; ok { + h(w, r) + } +} + +//cp from fk-agent +//headless@mac23-199:~$ curl --unix-socket /tmp/t1_unix.socket http://localhost #8998> 18998 > 28998/uds ##查看文件 +func main() { + sockpath := "/tmp/t1_unix.socket" + // hand: touch /data/unix.socket + os.Remove(sockpath) + + // server + bt := new(bluetool) + handlersMap["/health"] = f1 + + // unix socket + addr, err := net.ResolveUnixAddr("unix", sockpath) + if err != nil { + panic("Cannot resolve unix addr: " + err.Error()) + } + fmt.Println(addr.String()) + + listener, err := net.ListenUnix("unix", addr) + defer listener.Close() + if err != nil { + panic("Cannot listen to unix domain socket: " + err.Error()) + } + fmt.Println("Listening on", listener.Addr()) + + donec := make(chan struct{}) + go func() { + defer close(donec) + http.Serve(listener, bt) + }() + defer func() { + listener.Close() + <-donec + }() + + + // client + defaultTimeout := 10 * time.Second + tr := new(http.Transport) + tr.DisableCompression = true + tr.DialContext = func(_ context.Context, _, _ string) (net.Conn, error) { + return net.DialTimeout("unix", sockpath, defaultTimeout) + } + client := &http.Client{Transport: tr} + + if _, ok := client.Transport.(http.RoundTripper); !ok { + fmt.Printf("unable to verify TLS configuration, invalid transport %v", client.Transport) + } + + + //url := "http://" + listener.Addr().String() + "/health" + //pingUrl := url.URL{Scheme:"unix",Host:sockpath, 
Path:path.Join("/","/health")} + //fmt.Println(pingUrl) + + var body io.Reader + body=nil + request, err := http.NewRequest("GET", "/health", body) + request.URL.Scheme="http" + request.URL.Host = sockpath + // fmt.Println(request) + + resp, err := client.Do(request) + if err != nil { + log.Fatalf("fetch error: %v", err) + } + b, err := ioutil.ReadAll(resp.Body) + resp.Body.Close() + if err != nil { + log.Fatalf("fetch error: reading %v", err) + } + fmt.Println(string(b)) +} \ No newline at end of file -- Gitee From f2ed473d777c63d738ec0f18572ffdb3b612c08c Mon Sep 17 00:00:00 2001 From: "sam@23.199" Date: Sat, 2 Apr 2022 12:29:24 +0800 Subject: [PATCH 09/14] =?UTF-8?q?example=E8=B0=83=E8=AF=95uds=20---=20exam?= =?UTF-8?q?ple:=20param=20out?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit test uds example: *uds = true example: test > curl --unix-socket /tmp/chisel-18998.socket localhost/ reverts uds test ok test //串联 sock< 8998 | 28998 < sock; OK fix example --- example/clientRun.go | 14 +++++--------- example/serverRun.go | 3 ++- example/server_client_test.go | 14 +++++++++++++- 3 files changed, 20 insertions(+), 11 deletions(-) diff --git a/example/clientRun.go b/example/clientRun.go index 1bcf52a..59c8720 100644 --- a/example/clientRun.go +++ b/example/clientRun.go @@ -2,7 +2,7 @@ package example import ( "flag" - "strings" + // "strings" // "fmt" // "io/ioutil" "log" @@ -15,13 +15,13 @@ import ( chshare "gitee.com/g-devops/chisel/share" ) -func main2() { +/* func main2() { args := flag.Args() // server(args) client(args) -} +} */ -func client(args []string) { +func client(args []string, ser string, remotes []string) { flags := flag.NewFlagSet("client", flag.ContinueOnError) fingerprint := flags.String("fingerprint", "", "") 
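Review bot: In example/t1/main.go the socket is created at the fixed, predictable path `/tmp/t1_unix.socket` after an unconditional `os.Remove(sockpath)`, so it sits in a directory every local user can reach and its mode is left to the process umask. Creating it inside a private directory removes that exposure: `dir, err := ioutil.TempDir("", "t1-")` followed by `sockpath := filepath.Join(dir, "unix.socket")` (`ioutil` is already imported, `path/filepath` would be new). Separately, `defer listener.Close()` is registered before the `err` from `net.ListenUnix` is checked. The error from `http.NewRequest` is also never checked before `request.URL` is dereferenced, so each check should move to directly after its call.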
@@ -46,11 +46,7 @@ func client(args []string) { // ser:= args[0] // remotes:= args[1:] - - // str:= "R:127.0.0.1:18998:localhost:8998" //"aa|bb" - str:= "R:127.0.0.1:18998:localhost:8998|127.0.0.1:28998:localhost:18998" - ser:= "localhost:8080" - remotes:= strings.Split(str, "|") + c, err := chclient.NewClient(&chclient.Config{ Fingerprint: *fingerprint, Auth: *auth, diff --git a/example/serverRun.go b/example/serverRun.go index 4aa5f13..a87e791 100644 --- a/example/serverRun.go +++ b/example/serverRun.go @@ -95,6 +95,7 @@ func server(args []string) { *port = "8080" *key = os.Getenv("CHISEL_KEY") *reverse = true // + *uds = true s, err := chserver.NewServer(&chserver.Config{ KeySeed: *key, AuthFile: *authfile, @@ -102,7 +103,7 @@ func server(args []string) { Proxy: *proxy, Socks5: *socks5, Reverse: *reverse, - UdsOk: *uds, + UdsMode: *uds, }) if err != nil { log.Fatal(err) diff --git a/example/server_client_test.go b/example/server_client_test.go index 562d92d..7ce8574 100644 --- a/example/server_client_test.go +++ b/example/server_client_test.go @@ -4,6 +4,7 @@ import ( "fmt" "testing" "flag" + "strings" ) // .config/Code/User/settings.json << "go.testFlags": ["-v"], "go.testTimeout": "1h", @@ -19,5 +20,16 @@ func Test_server(t *testing.T){ func Test_client(t *testing.T){ args := flag.Args() // server(args) - client(args) + + // tcpMode + // connstr:= "R:127.0.0.1:18998:localhost:8998" //"aa|bb" + // connstr:= "R:127.0.0.1:18998:localhost:8998|127.0.0.1:28998:localhost:18998" //ReverseBindServer> bindClient + + // unixMode: curl --unix-socket /tmp/chisel-18998.socket localhost/ + // connstr:= "unix:///tmp/chisel-18998.socket:localhost:8998" + // connstr:= "R:unix:///tmp/chisel-18998.socket:localhost:8998" + connstr:= "R:unix:///tmp/chisel-18998.socket:localhost:8998|127.0.0.1:28998:unix:///tmp/chisel-18998.socket" //串联 sock< 8998 | 28998 < sock + ser:= "localhost:8080" + remotes:= strings.Split(connstr, "|") + client(args, ser, remotes) } -- Gitee 
From d5d4860b0e8033bb025fe38eec4a916036f5f5f1 Mon Sep 17 00:00:00 2001 From: "sam@gemibook" Date: Sun, 3 Apr 2022 13:12:54 +0800 Subject: [PATCH 10/14] anay: sshAuth >> PasswordCallback: s.authUser --- server/server.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/server/server.go b/server/server.go index 30442c1..a9e5539 100644 --- a/server/server.go +++ b/server/server.go @@ -85,7 +85,7 @@ func NewServer(config *Config) (*Server, error) { //create ssh config s.sshConfig = &ssh.ServerConfig{ ServerVersion: "SSH-" + chshare.ProtocolVersion + "-server", - PasswordCallback: s.authUser, + PasswordCallback: s.authUser, //sshAuth? } s.sshConfig.AddHostKey(private) //setup reverse proxy @@ -170,19 +170,19 @@ func (s *Server) GetFingerprint() string { // authUser is responsible for validating the ssh user / password combination func (s *Server) authUser(c ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) { // check if user authenication is enable and it not allow all - if s.users.Len() == 0 { + if s.users.Len() == 0 { //如未设定帐号,passed return nil, nil } // check the user exists and has matching password n := c.User() user, found := s.users.Get(n) - if !found || user.Pass != string(password) { + if !found || user.Pass != string(password) { //auth s.Debugf("Login failed for user: %s", n) return nil, errors.New("Invalid authentication for username: %s") } // insert the user session map // @note: this should probably have a lock on it given the map isn't thread-safe?? - s.sessions.Set(string(c.SessionID()), user) + s.sessions.Set(string(c.SessionID()), user) //set user to s.sessions return nil, nil } -- Gitee From b0dc12ca81f4dfff830ac0ca649bbae196bdf74b Mon Sep 17 00:00:00 2001 From: "sam@gemibook" Date: Sun, 3 Apr 2022 13:13:55 +0800 Subject: [PATCH 11/14] ser-handler: judge access > //tcpMode || udsMode --- server/handler.go | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) 
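Review bot: The line this commit annotates with `//auth` in `authUser`, `user.Pass != string(password)`, is an ordinary string comparison, so its running time depends on how many leading bytes match. `subtle.ConstantTimeCompare([]byte(user.Pass), password) != 1` (with a `crypto/subtle` import) removes that dependence. The error returned on the same path, `errors.New("Invalid authentication for username: %s")`, keeps a literal `%s` because `errors.New` does not format; either drop the verb or build the message with `fmt.Errorf` and `n`. The added `//如未设定帐号,passed` comment records that an empty user table accepts every client, which is worth stating in English together with whether it is intentional.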
diff --git a/server/handler.go b/server/handler.go index 9b38e75..4133455 100644 --- a/server/handler.go +++ b/server/handler.go @@ -67,7 +67,7 @@ func (s *Server) handleWebsocket(w http.ResponseWriter, req *http.Request) { var user *chshare.User if s.users.Len() > 0 { sid := string(sshConn.SessionID()) - user, _ = s.sessions.Get(sid) + user, _ = s.sessions.Get(sid) //s.sessions: set by server.go: authUser s.sessions.Del(sid) } //verify configuration @@ -115,15 +115,26 @@ func (s *Server) handleWebsocket(w http.ResponseWriter, req *http.Request) { return } } + + // judge user's access //if user is provided, ensure they have //access to the desired remotes if user != nil { for _, r := range c.Remotes { var addr string - if r.Reverse { - addr = "R:" + r.LocalHost + ":" + r.LocalPort - } else { - addr = r.RemoteHost + ":" + r.RemotePort + if r.Reverse { //validate bind addr + //tcpMode || udsMode + if "tcpMode" == r.LocalUds { + addr = "R:" + r.LocalHost + ":" + r.LocalPort + } else { + addr = "R:" + r.LocalUds + } + } else { //validate remoteURI + if "tcpMode" == r.RemoteUds { + addr = r.RemoteHost + ":" + r.RemotePort + } else { + arr = r.RemoteUds + } } if !user.HasAccess(addr) { failed(s.Errorf("access to '%s' denied", addr)) -- Gitee From 85202cd1d644dee3c02b467c6c9c77c26c6f7ee5 Mon Sep 17 00:00:00 2001 From: "sam@gemibook" Date: Sun, 3 Apr 2022 13:26:38 +0800 Subject: [PATCH 12/14] fix --- server/handler.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/handler.go b/server/handler.go index 4133455..febce6b 100644 --- a/server/handler.go +++ b/server/handler.go @@ -133,7 +133,7 @@ func (s *Server) handleWebsocket(w http.ResponseWriter, req *http.Request) { if "tcpMode" == r.RemoteUds { addr = r.RemoteHost + ":" + r.RemotePort } else { - arr = r.RemoteUds + addr = r.RemoteUds } } if !user.HasAccess(addr) { -- Gitee From 5662c49dd687ac2bbbfb03f6d2f1de1fa7b70e55 Mon Sep 17 00:00:00 2001 
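Review bot: In the new access check inside `handleWebsocket`, the UDS branches feed the client-supplied path unchanged into the string handed to `user.HasAccess` (`addr = "R:" + r.LocalUds`, `addr = r.RemoteUds`), so the decision rests on how the path is spelled rather than on the socket it resolves to. `HasAccess` is not visible here, but the `aa.*` example later in this series suggests it matches patterns, in which case a non-canonical path could satisfy a rule written for a different socket. Normalise the field once before the check, e.g. `r.LocalUds = filepath.Clean(r.LocalUds)`, reject relative paths, and use the cleaned value for the later bind as well. The `"tcpMode"` sentinel is compared as a bare literal in two places and would be safer as one named constant in `chshare`. `handleWebsocket` begins and ends outside this hunk.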
From: "sam@gemibook" Date: Sun, 3 Apr 2022 13:26:59 +0800 Subject: [PATCH 13/14] =?UTF-8?q?auth=20=E8=B0=83=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- example/clientRun.go | 1 + example/serverRun.go | 8 ++++++++ example/server_client_test.go | 3 +++ 3 files changed, 12 insertions(+) diff --git a/example/clientRun.go b/example/clientRun.go index 59c8720..06db8b0 100644 --- a/example/clientRun.go +++ b/example/clientRun.go @@ -46,6 +46,7 @@ func client(args []string, ser string, remotes []string) { // ser:= args[0] // remotes:= args[1:] + *auth= "user:pass" c, err := chclient.NewClient(&chclient.Config{ Fingerprint: *fingerprint, diff --git a/example/serverRun.go b/example/serverRun.go index a87e791..4f907da 100644 --- a/example/serverRun.go +++ b/example/serverRun.go @@ -112,6 +112,14 @@ func server(args []string) { /* if *pid { generatePidFile() } */ + + // s.AddUser("user", "pass", "aa.*") + // R:unix:///tmp/chisel-18998.socket:localhost:8998|127.0.0.1:28998:unix:///tmp/chisel-18998.socket + // server: access to 'R:/tmp/chisel-18998.socket' denied + // server: access to '/tmp/chisel-18998.socket' denied + // "R:bindURI|remoteURI" + s.AddUser("user", "pass", "R:/tmp/chisel-18998.socket|/tmp/chisel-18998.socket") + go chshare.GoStats() if err = s.Run(*host, *port); err != nil { log.Fatal(err) diff --git a/example/server_client_test.go b/example/server_client_test.go index 7ce8574..3879526 100644 --- a/example/server_client_test.go +++ b/example/server_client_test.go 
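Review bot: `*auth= "user:pass"` in `client` (example/clientRun.go) hard-codes a credential and assigns it unconditionally, replacing whatever `auth` held after flag parsing. The `s.AddUser("user", "pass", ...)` hunk in example/serverRun.go bakes the same pair into the server side. Example code tends to be copied into deployments, so leave the literal out and take the value from the existing flag or the environment, e.g. `if *auth == "" { *auth = os.Getenv("AUTH") }`. `client` and `server` both start and end outside these hunks.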
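Review bot: The address rule passed to `s.AddUser` in example/serverRun.go, `"R:/tmp/chisel-18998.socket|/tmp/chisel-18998.socket"`, reads like a regular expression (it is an alternation, and the commented-out call above it uses `aa.*`). If so, it is unanchored and its `.` is unescaped, so it would also accept longer addresses that merely contain one of the two paths. Anchoring and escaping narrows it to the two intended values: `^(R:)?/tmp/chisel-18998\.socket$`. The result of `AddUser` is also discarded here, so check its signature, which is not in the hunk, to see whether it can report a bad pattern.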
@@ -28,6 +28,9 @@ func Test_client(t *testing.T){ // unixMode: curl --unix-socket /tmp/chisel-18998.socket localhost/ // connstr:= "unix:///tmp/chisel-18998.socket:localhost:8998" // connstr:= "R:unix:///tmp/chisel-18998.socket:localhost:8998" + + // proxy#1:R:/tmp/chisel-18998.socket=>localhost:8998: Listening + // proxy#2:0.0.0.0:28998=>unix:///tmp/chisel-18998.socket: Listening connstr:= "R:unix:///tmp/chisel-18998.socket:localhost:8998|127.0.0.1:28998:unix:///tmp/chisel-18998.socket" //串联 sock< 8998 | 28998 < sock ser:= "localhost:8080" remotes:= strings.Split(connstr, "|") -- Gitee From f90868b58de0f906eaf9d9e9aa498b52306b6ff0 Mon Sep 17 00:00:00 2001 From: "sam@gemibook" Date: Sun, 3 Apr 2022 13:38:28 +0800 Subject: [PATCH 14/14] =?UTF-8?q?auth=E8=B0=83=E8=AF=95=EF=BC=9A=20out=20p?= =?UTF-8?q?arams?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- example/clientRun.go | 4 ++-- example/serverRun.go | 22 +++++++--------------- example/server_client_test.go | 22 ++++++++++++++++++++-- 3 files changed, 29 insertions(+), 19 deletions(-) diff --git a/example/clientRun.go b/example/clientRun.go index 06db8b0..9581ec6 100644 --- a/example/clientRun.go +++ b/example/clientRun.go @@ -21,7 +21,7 @@ import ( client(args) } */ -func client(args []string, ser string, remotes []string) { +func client(args []string, ser, auth0 string, remotes []string) { flags := flag.NewFlagSet("client", flag.ContinueOnError) fingerprint := flags.String("fingerprint", "", "") @@ -46,7 +46,7 @@ func client(args []string, ser string, remotes []string) { // ser:= args[0] // remotes:= args[1:] - *auth= "user:pass" + *auth= auth0 //"user:pass" c, err := chclient.NewClient(&chclient.Config{ Fingerprint: *fingerprint, diff --git a/example/serverRun.go b/example/serverRun.go index 4f907da..792ca5f 100644 --- a/example/serverRun.go +++ b/example/serverRun.go 
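Review bot: `*auth= auth0` in `client` still overwrites the parsed value unconditionally, so a caller passing an empty `auth0` clears whatever the `auth` flag held. Assign only when the argument is set: `if auth0 != "" { *auth = auth0 }`. The widened signature also has no doc comment; something like `// client parses args as client flags, then connects to ser using auth0 ("user:pass") and the given remotes.` would record what the new parameters mean. Most of the body of `client` lies outside these hunks.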
@@ -50,13 +50,13 @@ func main1() { // client(args) } -func server(args []string) { +func server(args []string) (*chserver.Server, error) { flags := flag.NewFlagSet("server", flag.ContinueOnError) - host := flags.String("host", "", "") - // p := flags.String("p", "", "") - port := flags.String("port", "", "") + // host := flags.String("host", "", "") + // // p := flags.String("p", "", "") + // port := flags.String("port", "", "") key := flags.String("key", "", "") authfile := flags.String("authfile", "", "") auth := flags.String("auth", "", "") @@ -92,7 +92,7 @@ func server(args []string) { *key = os.Getenv("CHISEL_KEY") } */ - *port = "8080" + // *port = "8080" *key = os.Getenv("CHISEL_KEY") *reverse = true // *uds = true @@ -113,17 +113,9 @@ func server(args []string) { generatePidFile() } */ - // s.AddUser("user", "pass", "aa.*") - // R:unix:///tmp/chisel-18998.socket:localhost:8998|127.0.0.1:28998:unix:///tmp/chisel-18998.socket - // server: access to 'R:/tmp/chisel-18998.socket' denied - // server: access to '/tmp/chisel-18998.socket' denied - // "R:bindURI|remoteURI" - s.AddUser("user", "pass", "R:/tmp/chisel-18998.socket|/tmp/chisel-18998.socket") - go chshare.GoStats() - if err = s.Run(*host, *port); err != nil { - log.Fatal(err) - } + return s, nil + } // func client(args []string) { diff --git a/example/server_client_test.go b/example/server_client_test.go index 3879526..cdad258 100644 --- a/example/server_client_test.go +++ b/example/server_client_test.go @@ -5,6 +5,10 @@ import ( "testing" "flag" "strings" + + "log" + // chserver "gitee.com/g-devops/chisel/server" + // chshare "gitee.com/g-devops/chisel/share" ) // .config/Code/User/settings.json << "go.testFlags": ["-v"], "go.testTimeout": "1h", 
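Review bot: `server` now declares `(*chserver.Server, error)`, but the only return added is `return s, nil`. The `chserver.NewServer` failure path shown in earlier hunks of this series ends in `log.Fatal(err)`; if that is still the case, the error result can never be non-nil. Returning it instead, `if err != nil { return nil, err }`, lets the caller decide how to fail. The function also still starts `go chshare.GoStats()` before returning, a side effect that is surprising in a constructor-style helper. The middle of `server` is outside these hunks, so confirm both points against the full body.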
@@ -15,7 +19,20 @@ func Test1(t *testing.T){ // debugMode: 可停止退出进程 func Test_server(t *testing.T){ args := flag.Args() - server(args) + s, err:= server(args) + host := "" + port := "8080" + + // s.AddUser("user", "pass", "aa.*") + // R:unix:///tmp/chisel-18998.socket:localhost:8998|127.0.0.1:28998:unix:///tmp/chisel-18998.socket + // server: access to 'R:/tmp/chisel-18998.socket' denied + // server: access to '/tmp/chisel-18998.socket' denied + // "R:bindURI|remoteURI" + s.AddUser("user", "pass", "R:/tmp/chisel-18998.socket|/tmp/chisel-18998.socket") + + if err = s.Run(host, port); err != nil { + log.Fatal(err) + } } func Test_client(t *testing.T){ args := flag.Args() @@ -33,6 +50,7 @@ func Test_client(t *testing.T){ // proxy#2:0.0.0.0:28998=>unix:///tmp/chisel-18998.socket: Listening connstr:= "R:unix:///tmp/chisel-18998.socket:localhost:8998|127.0.0.1:28998:unix:///tmp/chisel-18998.socket" //串联 sock< 8998 | 28998 < sock ser:= "localhost:8080" + auth:= "user:pass" remotes:= strings.Split(connstr, "|") - client(args, ser, remotes) + client(args, ser, auth, remotes) } -- Gitee
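Review bot: `Test_server` uses `s` without looking at `err`: after `s, err:= server(args)` the next call is `s.AddUser(...)`, which dereferences a nil server if construction failed. Add `if err != nil { t.Fatal(err) }` directly after the call. Report the `s.Run` failure with `t.Fatal(err)` rather than `log.Fatal(err)`, which exits the test binary without recording a test failure. The `user`/`pass` pair and the socket rule are acceptable as test fixtures, but declaring them once as constants shared with `Test_client` keeps the two sides from drifting apart.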