  • Add comment as identifer in place of public key hash

  • NHAS committed 1 year ago
    90901a28
    1 parent 9e48a0f1
  • ■ ■ ■ ■ ■
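--- a/internal/server/clients/clients.go
+++ b/internal/server/clients/clients.go
@@ -45,7 +45,9 @@
  addAlias(idString, username)
  addAlias(idString, conn.RemoteAddr().String())
  addAlias(idString, conn.Permissions.Extensions["pubkey-fp"])
-
+ if conn.Permissions.Extensions["comment"] != "" {
+ addAlias(idString, conn.Permissions.Extensions["comment"])
+ }
  clients[idString] = conn
 
  Autocomplete.Add(idString)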
  • ■ ■ ■ ■ ■
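--- a/internal/server/commands/link.go
+++ b/internal/server/commands/link.go
@@ -99,12 +99,17 @@
  return err
  }
 
+ comment, err := line.GetArgString("C")
+ if err != nil && err != terminal.ErrFlagNotSet {
+ return err
+ }
+
  fingerprint, err := line.GetArgString("fingerprint")
  if err != nil && err != terminal.ErrFlagNotSet {
  return err
  }
 
- url, err := webserver.Build(goos, goarch, homeserver_address, fingerprint, name, line.IsSet("shared-object"), line.IsSet("upx"), line.IsSet("garble"))
+ url, err := webserver.Build(goos, goarch, homeserver_address, fingerprint, name, comment, line.IsSet("shared-object"), line.IsSet("upx"), line.IsSet("garble"))
  if err != nil {
  return err
  }
@@ -137,6 +142,7 @@
  "\t-s\tSet homeserver address, defaults to server --external_address if set, or server listen address if not.",
  "\t-l\tList currently active download links",
  "\t-r\tRemove download link",
+ "\t-C\tComment to add as the public key (acts as the name)",
  "\t--goos\tSet the target build operating system (default to runtime GOOS)",
  "\t--goarch\tSet the target build architecture (default to runtime GOARCH)",
  "\t--name\tSet link name",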
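Review bot: The value read from `-C` goes to `webserver.Build` unvalidated, and the `WriteString` change in `internal/server/webserver/buildmanager.go` formats it straight into a line of the authorized controllee keys file. If the argument parser can ever deliver a carriage return or line feed inside the string (not visible here), the text after it would become a separate entry in a file that grants access, so reject it before the call, or inside `Build` itself: `if strings.ContainsAny(comment, "\r\n") { return errors.New("comment must not contain line breaks") }`. The help text `Comment to add as the public key` reads as if the comment replaces the key; `Comment to store with the generated public key (shown as the client's name)` would be clearer. The enclosing function starts and ends outside the hunk.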
  • ■ ■ ■ ■ ■
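--- a/internal/server/commands/list.go
+++ b/internal/server/commands/list.go
@@ -23,9 +23,15 @@
 
 func fancyTable(tty io.ReadWriter, applicable []displayItem) {
 
- t, _ := table.NewTable("Targets", "ID", "Public Key Hash", "Hostname", "IP Address", "Version")
+ t, _ := table.NewTable("Targets", "ID", "Public Key ID", "Hostname", "IP Address", "Version")
  for _, a := range applicable {
- t.AddValues(a.id, a.sc.Permissions.Extensions["pubkey-fp"], clients.NormaliseHostname(a.sc.User()), a.sc.RemoteAddr().String(), string(a.sc.ClientVersion()))
+
+ keyId := a.sc.Permissions.Extensions["pubkey-fp"]
+ if a.sc.Permissions.Extensions["comment"] != "" {
+ keyId = a.sc.Permissions.Extensions["comment"]
+ }
+
+ t.AddValues(a.id, keyId, clients.NormaliseHostname(a.sc.User()), a.sc.RemoteAddr().String(), string(a.sc.ClientVersion()))
  }
 
  t.Fprint(tty)
@@ -83,7 +89,12 @@
 
  for i, tr := range toReturn {
 
- fmt.Fprintf(tty, "%s %s %s %s, version: %s", tr.id, tr.sc.Permissions.Extensions["pubkey-fp"], clients.NormaliseHostname(tr.sc.User()), tr.sc.RemoteAddr().String(), tr.sc.ClientVersion())
+ keyId := tr.sc.Permissions.Extensions["pubkey-fp"]
+ if tr.sc.Permissions.Extensions["comment"] != "" {
+ keyId = tr.sc.Permissions.Extensions["comment"]
+ }
+
+ fmt.Fprintf(tty, "%s %s %s %s, version: %s", tr.id, keyId, clients.NormaliseHostname(tr.sc.User()), tr.sc.RemoteAddr().String(), tr.sc.ClientVersion())
 
  if i != len(toReturn)-1 {
  fmt.Fprint(tty, sep)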
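Review bot: When a comment is set, both listings now print it in place of the fingerprint, so the operator loses the only key-derived identifier in this view. Comments are free text from the keys file, and nothing visible here makes them unique. Consider showing both, for example `keyId = fmt.Sprintf("%s (%s)", a.sc.Permissions.Extensions["comment"], keyId)`, so two clients with the same comment can still be told apart. The same fallback is written out in `fancyTable` and again in the `toReturn` loop, so a small helper would keep the two in step, and Go naming would prefer `keyID` over `keyId`. The function containing the second loop starts outside the hunk.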
  • ■ ■ ■ ■ ■ ■
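--- a/internal/server/sshd.go
+++ b/internal/server/sshd.go
@@ -23,6 +23,7 @@
 type Options struct {
  AllowList []*net.IPNet
  DenyList []*net.IPNet
+ Comment string
 }
 
 func readPubKeys(path string) (m map[string]Options, err error) {
@@ -40,12 +41,14 @@
  continue
  }
 
- pubKey, _, options, _, err := ssh.ParseAuthorizedKey(key)
+ pubKey, comment, options, _, err := ssh.ParseAuthorizedKey(key)
  if err != nil {
  return m, fmt.Errorf("unable to parse public key. %s line %d. Reason: %s", path, i+1, err)
  }
 
  var opts Options
+ opts.Comment = comment
+
  for _, o := range options {
  parts := strings.Split(o, "=")
  if len(parts) == 2 && parts[0] == "from" {
@@ -185,8 +188,6 @@
  log.Println("Reloading authorized_controllee_keys failed: ", err)
  }
 
- var clientType string
-
  remoteIp := getIP(conn.RemoteAddr().String())
 
  if remoteIp == nil {
@@ -195,8 +196,8 @@
 
  //If insecure mode, then any unknown client will be connected as a controllable client.
  //The server effectively ignores channel requests from controllable clients.
+
  if opt, ok := authorizedKeysMap[string(ssh.MarshalAuthorizedKey(key))]; ok {
- clientType = "user"
 
  for _, deny := range opt.DenyList {
  if deny.Contains(remoteIp) {
@@ -216,20 +217,30 @@
  return nil, fmt.Errorf("not authorized %q (not on allow list)", conn.User())
  }
 
- } else if _, ok := authorizedControllees[string(ssh.MarshalAuthorizedKey(key))]; insecure || ok {
- clientType = "client"
- } else {
- return nil, fmt.Errorf("not authorized %q, potentially you might want to enabled -insecure mode", conn.User())
+ return &ssh.Permissions{
+ // Record the public key used for authentication.
+ Extensions: map[string]string{
+ "comment": opt.Comment,
+ "pubkey-fp": internal.FingerprintSHA1Hex(key),
+ "type": "user",
+ },
+ }, nil
+
  }
 
- return &ssh.Permissions{
- // Record the public key used for authentication.
- Extensions: map[string]string{
- "pubkey-fp": internal.FingerprintSHA1Hex(key),
- "type": clientType,
- },
- }, nil
+ if opt, ok := authorizedControllees[string(ssh.MarshalAuthorizedKey(key))]; insecure || ok {
 
+ return &ssh.Permissions{
+ // Record the public key used for authentication.
+ Extensions: map[string]string{
+ "comment": opt.Comment,
+ "pubkey-fp": internal.FingerprintSHA1Hex(key),
+ "type": "client",
+ },
+ }, nil
+ }
+
+ return nil, fmt.Errorf("not authorized %q, potentially you might want to enabled -insecure mode", conn.User())
  },
  }
 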
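Review bot: In the controllee branch, `opt` is the zero `Options` whenever the key is missing from `authorizedControllees` and `insecure` is set, so `"comment"` is silently empty for those clients. That deserves a comment at the `if`, e.g. `// opt is the zero value for unknown keys in insecure mode, so "comment" is empty`. The two `ssh.Permissions` literals now differ only in `"type"`, and a small helper taking the type and `opt.Comment` would stop the extension keys drifting apart. The new `Comment` field could also carry a doc comment stating that it is unverified free text from the keys file and not unique, since it is later used as an alias and shown in the client list. The callback's body starts outside the hunk.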
  • ■ ■ ■ ■ ■ ■
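--- a/internal/server/webserver/buildmanager.go
+++ b/internal/server/webserver/buildmanager.go
@@ -40,7 +40,7 @@
  cachePath string
 )
 
-func Build(goos, goarch, suppliedConnectBackAdress, fingerprint, name string, shared, upx, garble bool) (string, error) {
+func Build(goos, goarch, suppliedConnectBackAdress, fingerprint, name, comment string, shared, upx, garble bool) (string, error) {
  if !webserverOn {
  return "", fmt.Errorf("web server is not enabled.")
  }
@@ -204,7 +204,7 @@
  }
 
  defer authorizedControlleeKeys.Close()
- if _, err = authorizedControlleeKeys.WriteString(fmt.Sprintf("%s\n", publicKeyBytes)); err != nil {
+ if _, err = authorizedControlleeKeys.WriteString(fmt.Sprintf("%s %s\n", publicKeyBytes[:len(publicKeyBytes)-1], comment)); err != nil {
  return "", errors.New("cant write newly generated key to authorized controllee keys file: " + err.Error())
  }
 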
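Review bot: `publicKeyBytes[:len(publicKeyBytes)-1]` on the changed `WriteString` line assumes the slice is non-empty and ends in exactly one newline. Neither is established in the visible lines, and an empty slice would panic. `bytes.TrimSuffix(publicKeyBytes, []byte("\n"))` states the intent and is safe in both cases. With an empty `comment` the entry is written with a trailing space, so appending `" " + comment` only when it is non-empty keeps the file tidy. Most of `Build`'s body lies outside the hunk.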