Allow binds on localhost

Signed-off-by: Lukas Bachschwell <[email protected]>
s00500 · Aug 20, 2021 · 70a1081 · 70a1081
1 parent c7af12a
commit 70a1081
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 14 deletions.
diff --git a/Readme.md b/Readme.md
@@ -37,6 +37,12 @@ Publish a resource to the server
 ssh -N -R 1:127.0.0.1:8000 lukas@localhost -p 2222
 
 
+# Future: Mole client
+
+use `go install github.com/s00500/molehill/cmd/mole@master`
+
+TO BE DONE
+
 # Donate
 
 If you like this project you can [buy me a coffee here](https://paypal.me/lukasbachschwell/5)

diff --git a/go.mod b/go.mod
@@ -5,11 +5,12 @@ go 1.16
 require (
 	github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
 	github.com/fsnotify/fsnotify v1.4.9 // indirect
-	github.com/gliderlabs/ssh v0.3.2
+	github.com/gliderlabs/ssh v0.3.3
 	github.com/mattn/go-isatty v0.0.13 // indirect
 	github.com/s00500/env_logger v0.1.19
 	github.com/s00500/store v0.2.0 // indirect
+	github.com/sasha-s/go-deadlock v0.3.1 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
+	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
 	golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -7,6 +7,8 @@ github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/gliderlabs/ssh v0.3.2 h1:gcfd1Aj/9RQxvygu4l3sak711f/5+VOwBw9C/7+N4EI=
 github.com/gliderlabs/ssh v0.3.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/gliderlabs/ssh v0.3.3 h1:mBQ8NiOgDkINJrZtoizkC3nDNYgSaWtxyem6S2XHBtA=
+github.com/gliderlabs/ssh v0.3.3/go.mod h1:ZSS+CUoKHDrqVakTfTWUlKSr9MtMFkC4UvtQKD7O914=
 github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
 github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
@@ -16,6 +18,8 @@ github.com/naoina/go-stringutil v0.1.0 h1:rCUeRUHjBjGTSHl0VC00jUPLz8/F9dDzYI70Hz
 github.com/naoina/go-stringutil v0.1.0/go.mod h1:XJ2SJL9jCtBh+P9q5btrd/Ylo8XwT/h1USek5+NqSA0=
 github.com/naoina/toml v0.1.1 h1:PT/lllxVVN0gzzSqSlHEmP8MJB4MY2U7STGxiouV4X8=
 github.com/naoina/toml v0.1.1/go.mod h1:NBIhNtsFMo3G2szEBne+bO4gS192HuIYRqfvOWb4i1E=
+github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 h1:q2e307iGHPdTGp0hoxKjt1H5pDo6utceo3dQVK3I5XQ=
+github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5/go.mod h1:jvVRKCrJTQWu0XVbaOlby/2lO20uSCHEMzzplHXte1o=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/s00500/env_logger v0.1.17 h1:XAbjAo68BBLtuYlmJuyg9rVWrIL3u1Pp2TqvZoZu6mo=
@@ -24,6 +28,8 @@ github.com/s00500/env_logger v0.1.19 h1:4F8Wdv7otN9Fjy6fdWEZs4j/wftWO62ABz0Mol7D
 github.com/s00500/env_logger v0.1.19/go.mod h1:TmWxAVX9gkQawgJucvtH52FZllrVjaCpf66q9TxpCU8=
 github.com/s00500/store v0.2.0 h1:sxTAiboFRfwZ7LLv/9rHsUPLNv2LO46Fx71OwD5wYMQ=
 github.com/s00500/store v0.2.0/go.mod h1:cb/JBhkNBFf+quwpaZjN4TYkvEgzI8caFPpr8fPtnic=
+github.com/sasha-s/go-deadlock v0.3.1 h1:sqv7fDNShgjcaxkO0JNcOAlr8B9+cV5Ey/OB71efZx0=
+github.com/sasha-s/go-deadlock v0.3.1/go.mod h1:F73l+cr82YSh10GxyRI6qZiCgK64VaZjwesgfQ1/iLM=
 github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
 github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@@ -35,6 +41,9 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
+golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210817164053-32db794688a5 h1:HWj/xjIHfjYU5nVXpTM0s39J9CbLn7Cc5a7IC5rwsMQ=
+golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -44,6 +53,8 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68 h1:nxC68pudNYkKU6jWhgrqdreuF
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210525143221-35b2ab0089ea h1:+WiDlPBBaO+h9vPNZi8uJ3k4BkKQB7Iow3aqwHVA5hI=
 golang.org/x/sys v0.0.0-20210525143221-35b2ab0089ea/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55 h1:rw6UNGRMfarCepjI8qOepea/SXwIBVfTKjztZ5gBbq4=
 golang.org/x/sys v0.0.0-20210820121016-41cdb8703e55/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=

diff --git a/server.go b/server.go
@@ -6,23 +6,22 @@ import (
 	"io"
 	"net"
 	"os"
-	"sync"
 
 	"github.com/s00500/molehill/filehandlers"
 
+	"sync"
+
 	"github.com/fsnotify/fsnotify"
+	"github.com/gliderlabs/ssh"
 	log "github.com/s00500/env_logger"
 	"github.com/s00500/store"
-
-	"github.com/gliderlabs/ssh"
 )
 
 //go:generate sh injectGitVars.sh
 
 type Config struct {
-	Runaddress        string
-	Users             []UserConfig
-	BindableHostports []int
+	Runaddress string
+	Users      []UserConfig
 }
 
 type UserConfig struct {
@@ -41,14 +40,14 @@ var config Config = Config{
 			Name:            "lukas",
 			Password:        "lukas", // empty means autogenerate ? not sure
 			PublicKey:       "AAAAB3NzaC1yc2EAAAADAQABAAABAQDLdQry15RLpQ7/uPHFb79ToEs7fLy27J1jgNHTdrGn9HPRSS0Xcup34x6gdX/UG+APO2n87Xz6fOwLEd7ORCrITlUy0sh26lOFhGO+hRcQHrh2bmF6c4CIO8VH1AZc/EN6x9BTQJS3ridLBggspomLVHXwCmKhmpvUT8EynSbm8mYS1CR0XNu1T1yVdYQ0jYPUA5er8OxZNuOhMuO4iQEEplJoZv8zyKy9QW1aGREOEgQK9l0iLaGXqSlEqgcBLmdJKSTZ5OaM+kF0wcGylRRTXntJM/N0xH3U0pYaiqM6isAwKHVuXcu/IMI4XboVUVZlbcqoPde7t5xHUsLiIYGb",
-			AllowedBinds:    []string{"cosm:1", "localhost:8123"},
-			AllowedConnects: []string{"cosmo:1", "cosm"},
+			AllowedBinds:    []string{"cosm:1", "127.0.0.1:8123"}, // if a port starts with 127.0.0.1 it is going to be available on the molehill host directly, but it will not be connectable via molehill
+			AllowedConnects: []string{"cosmo:1", "cosm:*"},
 		},
 		{
 			Name:            "andrii",
 			PublicKey:       "AAAAB3NzaC1yc2EAAAADAQABAAABgQC3nMQPNE6pXBGa8O2LBMma1FFEMgmm6VXVRUeeKNGDZF3XM6e0sP/Q0NmhYDX+JoZ4Eswyi3pyF1LPjA1Z6rcvFms+ifPNJfKUoo7XewRWOX8kQAsOJKFfwBatkqT+8whau6YnsQzFoFMt/5aeIqc6iMM+63Lxwo9uDDehMesPIb576je40SVrdMn7vIZy88s0Jwwfy91jvULkCygf4E1KXIfyIeLIKLKUPypXleXGvUwclnqdrQmyPWq1cUXx1vU4iNGe0CfTjXOrsvquNTQV8lJbn17fQKax5a6TFgCIfPbgy+W4G9yo5vZOlLHA5lIvRoNf0hNqSPP6f9wMp4R4WK1ecDQuLU1kLfAcZA6T5tRUCyBblaiMPrDcH2dBjHFjysJ+vOCFSPDWjHp6Sj/Gs66bbEg6AzXEiLEXqDqjlgaE3V2V3B5tfFiu6gPmmgGhAcWrYTQoNDrPRfQb5ZerVGyYlvrY06BfdwTyMahKNqA9P0EJ1fb7L4+C/yNtWok=",
 			AllowedBinds:    []string{},
-			AllowedConnects: []string{"cosmo:1", "cosm"},
+			AllowedConnects: []string{"cosmo:1", "cosm:*"},
 		},
 	},
 }
@@ -111,7 +110,8 @@ func main() {
 			return false
 		}),
 		Handler: ssh.Handler(func(s ssh.Session) {
-			io.WriteString(s, "Only remote forwarding available...\n")
+			_, err := io.WriteString(s, "Only remote forwarding available...\n")
+			log.Should(err)
 		}),
 		LocalPortForwardingCallback: ssh.LocalPortForwardingCallback(func(ctx ssh.Context, destinationHost string, destinationPort uint32) bool {
 			log.Println("attempt to GRAB", destinationHost, destinationPort, "for user", ctx.User(), ctx.RemoteAddr(), "granted")
@@ -166,7 +166,8 @@ func main() {
 		},
 	}
 
-	server.SetOption(ssh.HostKeyFile("hostkeys/server_id_rsa"))
+	err := server.SetOption(ssh.HostKeyFile("hostkeys/server_id_rsa"))
+	log.Should(err)
 
 	log.Fatal(server.ListenAndServe())
 }
@@ -194,7 +195,8 @@ func startWatcher() error {
 				if event.Op&fsnotify.Write == fsnotify.Write {
 					log.Info("Reloading config...")
 					configMu.Lock()
-					store.Load("config.yml", &config)
+					err := store.Load("config.yml", &config)
+					log.Should(err)
 					configMu.Unlock()
 				}
 			case err, ok := <-watcher.Errors: