Implement options to enable/disable TLS for agents
kost committed Nov 7, 2023
1 parent 4395144 commit c565c63
Showing 4 changed files with 22 additions and 14 deletions.
2 changes: 1 addition & 1 deletion main.go
Expand Up @@ -100,7 +100,7 @@ func main() {
if appOptions.Listen!="" {
log.Printf("Listening for reverse connection %s", appOptions.Listen)
go func() {
log.Fatal(listenForAgents(appOptions.Verbose, true, appOptions.Listen, appOptions.Server, appOptions.ListenCert, appOptions.Password))
log.Fatal(listenForAgents(appOptions.Verbose, appOptions.AgentTLS, appOptions.Listen, appOptions.Server, appOptions.ListenCert, appOptions.Password))
}()
wait4Signals()
return nil
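Review bot: The listener now follows `appOptions.AgentTLS` rather than an unconditional TLS setting, but the log line just above it still prints only the address, so an operator cannot tell from the log whether the agent listener is plaintext; mirror the rclient.go messages with `log.Printf("Listening for reverse connection %s (TLS: %t)", appOptions.Listen, appOptions.AgentTLS)`. `appOptions.ListenCert` is still handed to `listenForAgents` when TLS is off; whether it is ignored in that case cannot be seen here because `listenForAgents` is outside the hunk. The enclosing `main` starts before the hunk and continues after it.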
1 change: 1 addition & 0 deletions server/options.go
Expand Up @@ -33,6 +33,7 @@ type Options struct {
DnsKey string `hcl:"dnskey" flagName:"dnskey" flagSName:"" flagDescribe:"Password/Key to use for DNS tunnel" default:""`
DnsDelay string `hcl:"dnsdelay" flagName:"dnsdelay" flagSName:"" flagDescribe:"Delay time between polling for DNS requests" default:"200ms"`
Listen string `hcl:"listen" flagName:"listen" flagSName:"" flagDescribe:"Listen for reverse connection agents (ex. 0.0.0.0:4444)" default:""`
AgentTLS bool `hcl:"agenttls" flagName:"agenttls" flagDescribe:"Enable TLS for listening for agents and clients itself" default:"false"`
ListenCert string `hcl:"listencert" flagName:"listencert" flagSName:"" flagDescribe:"Certificate and key for listen server (ex. mycert)" default:""`
Server string `hcl:"server" flagName:"server" flagSName:"" flagDescribe:"Server for forwarding reverse connections (ex. 127.0.0.1:6000)" default:"127.0.0.1:6000"`
Password string `hcl:"password" flagName:"password" flagSName:"" flagDescribe:"Password for reverse server connection" default:""`
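Review bot: The new `AgentTLS` field defaults to `false`, and main.go appears to replace a hard-coded `true` with it, so existing deployments that relied on the TLS agent listener silently drop to plaintext after upgrading unless they add `--agenttls`; if opt-out is the intent, make it `default:"true"`, otherwise call the behaviour change out in the commit description. The struct tag also omits the `flagSName:""` entry that every sibling field carries — add it unless the flag parser is known to treat a missing tag and an empty one identically (not visible here). The description "Enable TLS for listening for agents and clients itself" is ambiguous; something like `flagDescribe:"Use TLS for the agent listener (-listen) and for the outbound agent connection (-connect)"` says which two paths the one flag governs, assuming that is indeed what server.go and main.go wire it to. The `Options` struct starts before and ends after the hunk.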
31 changes: 19 additions & 12 deletions server/rclient.go
Expand Up @@ -199,7 +199,7 @@ func connectviaproxy(proxyaddr string, connectaddr string, proxyauth string) (ne
return dummyConn, errors.New("Not connected via proxy, wrong response code")
}

func connectForSocks(address string, proxy string, proxyauth string, agentpassword string) (*yamux.Session, error) {
func connectForSocks(address string, proxy string, proxyauth string, agentpassword string, enabletls bool) (*yamux.Session, error) {
var err error
var yam *yamux.Session

Expand All @@ -214,10 +214,13 @@ func connectForSocks(address string, proxy string, proxyauth string, agentpasswo
//var conn tls.Conn
if proxy == "" {
log.Println("Connecting to far end")
//conn, err = net.Dial("tcp", address)
conn, err = tls.Dial("tcp", address, conf)
if enabletls {
conn, err = tls.Dial("tcp", address, conf)
} else {
conn, err = net.Dial("tcp", address)
}
if err != nil {
log.Printf("Cannot connect to %s: %s", address, err)
log.Printf("Cannot connect to %s: %s (TLS: %t)", address, err, enabletls)
return yam, err
}
} else {
Expand All @@ -227,14 +230,19 @@ func connectForSocks(address string, proxy string, proxyauth string, agentpasswo
log.Println("Proxy NOT successfull. Exiting")
return yam, err
} else {
log.Println("Proxy successfull. Connecting to far end")
conntls := tls.Client(connp, conf)
err := conntls.Handshake()
if err != nil {
log.Printf("Error connect: %v", err)
return yam, err
log.Printf("Proxy successfull. Connecting to far end (TLS: %t)", enabletls)
if enabletls {
conntls := tls.Client(connp, conf)
err := conntls.Handshake()
if err != nil {
log.Printf("Error connect: %v", err)
return yam, err
}
newconn = net.Conn(conntls)
} else {
newconn = connp
}
newconn = net.Conn(conntls)

}
}

Expand All @@ -244,7 +252,6 @@ func connectForSocks(address string, proxy string, proxyauth string, agentpasswo
//time.Sleep(time.Second * 1)
session, err = yamux.Server(conn, nil)
} else {

//log.Print(conntls)
newconn.Write([]byte(agentpassword))
time.Sleep(time.Second * 1)
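Review bot: With `enabletls` false, the agent password written by `newconn.Write([]byte(agentpassword))` in the last hunk, and all traffic multiplexed over `conn`, now crosses the network in cleartext, and nothing beyond the `(TLS: %t)` suffix on two log lines makes that visible. A loud warning at the point of the decision would help operators notice, e.g. before the `if proxy == ""` branch: `if !enabletls { log.Println("WARNING: agenttls disabled: agent password and tunnelled traffic are sent in cleartext") }`. Inside the proxy TLS branch `err := conntls.Handshake()` shadows the outer `err`; harmless because the branch returns immediately, but `err = conntls.Handshake()` avoids the shadow and the staticcheck noise. `connectForSocks` begins before the first hunk and ends after the last one, and `conf` is built outside the view, so whether the TLS path verifies the far-end certificate cannot be judged from this diff.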
2 changes: 1 addition & 1 deletion server/server.go
Expand Up @@ -192,7 +192,7 @@ func (server *Server) Run(ctx context.Context, options ...RunOption) error {
}()
} else {
go func() {
session, err = connectForSocks(server.options.Connect,server.options.Proxy, server.options.ProxyAuth, server.options.Password)
session, err = connectForSocks(server.options.Connect,server.options.Proxy, server.options.ProxyAuth, server.options.Password, server.options.AgentTLS)
if err != nil {
log.Printf("Error creating sessions %s", err)
srvErr <- err
