
Update TLS
ph4ntonn committed Mar 30, 2024
1 parent 7d7a568 commit de126db
Showing 5 changed files with 86 additions and 87 deletions.
23 changes: 11 additions & 12 deletions admin/initial/method.go
Expand Up @@ -76,11 +76,6 @@ func NormalActive(userOptions *Options, topo *topology.Topology, proxy share.Pro
os.Exit(0)
}

if err := share.ActivePreAuth(conn); err != nil {
printer.Fail("[*] Error occurred: %s", err.Error())
os.Exit(0)
}

if userOptions.TlsEnable {
var tlsConfig *tls.Config
tlsConfig, err = transport.NewClientTLSConfig(userOptions.Domain)
Expand All @@ -95,6 +90,11 @@ func NormalActive(userOptions *Options, topo *topology.Topology, proxy share.Pro
userOptions.Secret = ""
}

if err := share.ActivePreAuth(conn); err != nil {
printer.Fail("[*] Error occurred: %s", err.Error())
os.Exit(0)
}

sMessage = protocol.PrepareAndDecideWhichSProtoToLower(conn, userOptions.Secret, protocol.ADMIN_UUID)

protocol.ConstructMessage(sMessage, header, hiMess, false)
Expand Down Expand Up @@ -190,13 +190,6 @@ func NormalPassive(userOptions *Options, topo *topology.Topology) net.Conn {
conn, err := listener.Accept()
if err != nil {
printer.Fail("[*] Error occurred: %s\r\n", err.Error())
conn.Close()
continue
}

if err := share.PassivePreAuth(conn); err != nil {
printer.Fail("[*] Error occurred: %s\r\n", err.Error())
conn.Close()
continue
}

Expand All @@ -214,6 +207,12 @@ func NormalPassive(userOptions *Options, topo *topology.Topology) net.Conn {
userOptions.Secret = ""
}

if err := share.PassivePreAuth(conn); err != nil {
printer.Fail("[*] Error occurred: %s\r\n", err.Error())
conn.Close()
continue
}

rMessage = protocol.PrepareAndDecideWhichRProtoFromLower(conn, userOptions.Secret, protocol.ADMIN_UUID)
fHeader, fMessage, err := protocol.DestructMessage(rMessage)

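Review bot: In NormalPassive the TLS handshake now happens lazily inside share.PassivePreAuth on the accept loop, and nothing bounds it: a peer that connects and never finishes the handshake (or never sends the pre-auth bytes) stalls the listener for every other client, because the loop only closes and continues after PassivePreAuth returns. A deadline around the exchange, e.g. `conn.SetDeadline(time.Now().Add(10 * time.Second))` before the PassivePreAuth call and `conn.SetDeadline(time.Time{})` once it succeeds, keeps one bad client from holding the accept loop (the import block is outside the hunk, so `time` may need adding). Running pre-auth under TLS is the right order, but on the active side it only buys what transport.NewClientTLSConfig(userOptions.Domain) enforces: if that config does not verify the server certificate against Domain or pin it, an on-path attacker can still terminate the TLS session and complete the pre-auth, so this is worth confirming rather than assuming. Both NormalActive and NormalPassive continue outside the hunks.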
8 changes: 4 additions & 4 deletions agent/handler/connect.go
Expand Up @@ -80,10 +80,6 @@ func (connect *Connect) start(mgr *manager.Manager) {
return
}

if err = share.ActivePreAuth(conn); err != nil {
return
}

if global.G_TLSEnable {
var tlsConfig *tls.Config
// Set domain as null since we are in the intranet
Expand All @@ -95,6 +91,10 @@ func (connect *Connect) start(mgr *manager.Manager) {
conn = transport.WrapTLSClientConn(conn, tlsConfig)
}

if err = share.ActivePreAuth(conn); err != nil {
return
}

sLMessage = protocol.PrepareAndDecideWhichSProtoToLower(conn, global.G_Component.Secret, protocol.ADMIN_UUID)

protocol.ConstructMessage(sLMessage, hiHeader, hiMess, false)
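Review bot: On the new `if err = share.ActivePreAuth(conn); err != nil { return }` path the TLS-wrapped conn is never closed, so a peer that fails pre-auth, which now also covers a failed TLS handshake, leaks the socket unless start already has a `defer conn.Close()` earlier in its body, which is outside this hunk. `conn.Close()` before the `return` is the minimal fix. The comment above the TLS block says the domain is left empty because the hop is intranet; with no name to check, NewClientTLSConfig with an empty domain can only authenticate the server if it pins a certificate, so whether the pre-auth resists an on-path peer depends on that (not visible here), and the comment should state which it is. The enclosing start method begins outside the hunk.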
48 changes: 24 additions & 24 deletions agent/handler/listen.go
Expand Up @@ -110,12 +110,7 @@ func (listen *Listen) normalListen(mgr *manager.Manager, options *initial.Option
for {
conn, err := listener.Accept()
if err != nil {
conn.Close()
continue
}

if err := share.PassivePreAuth(conn); err != nil {
conn.Close()
log.Printf("[*] Error occurred: %s\n", err.Error())
continue
}

Expand All @@ -130,6 +125,11 @@ func (listen *Listen) normalListen(mgr *manager.Manager, options *initial.Option
conn = transport.WrapTLSServerConn(conn, tlsConfig)
}

if err := share.PassivePreAuth(conn); err != nil {
conn.Close()
continue
}

rMessage := protocol.PrepareAndDecideWhichRProtoFromLower(conn, global.G_Component.Secret, protocol.ADMIN_UUID) //fake admin
fHeader, fMessage, err := protocol.DestructMessage(rMessage)
if err != nil {
Expand Down Expand Up @@ -285,12 +285,7 @@ func (listen *Listen) iptablesListen(mgr *manager.Manager, options *initial.Opti
for {
conn, err := listener.Accept()
if err != nil {
conn.Close()
continue
}

if err := share.PassivePreAuth(conn); err != nil {
conn.Close()
log.Printf("[*] Error occurred: %s\n", err.Error())
continue
}

Expand All @@ -305,6 +300,11 @@ func (listen *Listen) iptablesListen(mgr *manager.Manager, options *initial.Opti
conn = transport.WrapTLSServerConn(conn, tlsConfig)
}

if err := share.PassivePreAuth(conn); err != nil {
conn.Close()
continue
}

rMessage := protocol.PrepareAndDecideWhichRProtoFromLower(conn, global.G_Component.Secret, protocol.ADMIN_UUID) //fake admin
fHeader, fMessage, err := protocol.DestructMessage(rMessage)

Expand Down Expand Up @@ -458,10 +458,21 @@ func (listen *Listen) soReuseListen(mgr *manager.Manager, options *initial.Optio
for {
conn, err := listener.Accept()
if err != nil {
conn.Close()
log.Printf("[*] Error occurred: %s\n", err.Error())
continue
}

if global.G_TLSEnable {
var tlsConfig *tls.Config
tlsConfig, err = transport.NewServerTLSConfig()
if err != nil {
log.Printf("[*] Error occured: %s", err.Error())
conn.Close()
continue
}
conn = transport.WrapTLSServerConn(conn, tlsConfig)
}

defer conn.SetReadDeadline(time.Time{})
conn.SetReadDeadline(time.Now().Add(2 * time.Second))

Expand All @@ -485,17 +496,6 @@ func (listen *Listen) soReuseListen(mgr *manager.Manager, options *initial.Optio
continue
}

if global.G_TLSEnable {
var tlsConfig *tls.Config
tlsConfig, err = transport.NewServerTLSConfig()
if err != nil {
log.Printf("[*] Error occured: %s", err.Error())
conn.Close()
continue
}
conn = transport.WrapTLSServerConn(conn, tlsConfig)
}

rMessage := protocol.PrepareAndDecideWhichRProtoFromLower(conn, global.G_Component.Secret, protocol.ADMIN_UUID) //fake admin
fHeader, fMessage, err := protocol.DestructMessage(rMessage)

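Review bot: In normalListen and iptablesListen the new PassivePreAuth failure branch closes the connection and continues without logging, while the accept-error branch directly above keeps its `log.Printf` (as far as the rendered diff lets me tell, the old PreAuth branch logged too). A connection that reaches the listener and fails pre-auth, which after this change includes a failed TLS handshake, is exactly the event an operator wants to see, so either restore `log.Printf("[*] Error occurred: %s\n", err.Error())` in that branch or add a comment that the silence is deliberate. In soReuseListen the TLS wrap now precedes the 2-second read-deadline window whose body is elided from the hunk; if that window inspects the first bytes on the wire to decide whether the connection belongs to this listener, it now sees TLS records instead of plaintext, which deserves a test on a reused port with TLS enabled. All three functions continue outside the hunks.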
48 changes: 23 additions & 25 deletions agent/initial/method.go
Expand Up @@ -79,10 +79,6 @@ func NormalActive(userOptions *Options, proxy share.Proxy) (net.Conn, string) {
log.Fatalf("[*] Error occurred: %s", err.Error())
}

if err := share.ActivePreAuth(conn); err != nil {
log.Fatalf("[*] Error occurred: %s", err.Error())
}

if userOptions.TlsEnable {
var tlsConfig *tls.Config
tlsConfig, err = transport.NewClientTLSConfig(userOptions.Domain)
Expand All @@ -97,6 +93,10 @@ func NormalActive(userOptions *Options, proxy share.Proxy) (net.Conn, string) {
userOptions.Secret = ""
}

if err := share.ActivePreAuth(conn); err != nil {
log.Fatalf("[*] Error occurred: %s", err.Error())
}

sMessage = protocol.PrepareAndDecideWhichSProtoToUpper(conn, userOptions.Secret, protocol.TEMP_UUID)

protocol.ConstructMessage(sMessage, header, hiMess, false)
Expand Down Expand Up @@ -161,14 +161,9 @@ func NormalPassive(userOptions *Options) (net.Conn, string) {
conn, err := listener.Accept()
if err != nil {
log.Printf("[*] Error occurred: %s\n", err.Error())
conn.Close()
continue
}

if err := share.PassivePreAuth(conn); err != nil {
log.Fatalf("[*] Error occurred: %s", err.Error())
}

if userOptions.TlsEnable {
var tlsConfig *tls.Config
tlsConfig, err = transport.NewServerTLSConfig()
Expand All @@ -183,6 +178,10 @@ func NormalPassive(userOptions *Options) (net.Conn, string) {
userOptions.Secret = ""
}

if err := share.PassivePreAuth(conn); err != nil {
log.Fatalf("[*] Error occurred: %s", err.Error())
}

rMessage = protocol.PrepareAndDecideWhichRProtoFromUpper(conn, userOptions.Secret, protocol.TEMP_UUID)
fHeader, fMessage, err := protocol.DestructMessage(rMessage)

Expand Down Expand Up @@ -304,12 +303,25 @@ func SoReusePassive(userOptions *Options) (net.Conn, string) {

for {
conn, err := listener.Accept()

if err != nil {
conn.Close()
log.Printf("[*] Error occurred: %s\n", err.Error())
continue
}

if userOptions.TlsEnable {
var tlsConfig *tls.Config
tlsConfig, err = transport.NewServerTLSConfig()
if err != nil {
log.Printf("[*] Error occured: %s", err.Error())
conn.Close()
continue
}
conn = transport.WrapTLSServerConn(conn, tlsConfig)
// As we have already used TLS, we don't need to use aes inside
// Set userOptions.Secret as null to disable aes
userOptions.Secret = ""
}

defer conn.SetReadDeadline(time.Time{})
conn.SetReadDeadline(time.Now().Add(2 * time.Second))

Expand All @@ -333,20 +345,6 @@ func SoReusePassive(userOptions *Options) (net.Conn, string) {
continue
}

if userOptions.TlsEnable {
var tlsConfig *tls.Config
tlsConfig, err = transport.NewServerTLSConfig()
if err != nil {
log.Printf("[*] Error occured: %s", err.Error())
conn.Close()
continue
}
conn = transport.WrapTLSServerConn(conn, tlsConfig)
// As we have already used TLS, we don't need to use aes inside
// Set userOptions.Secret as null to disable aes
userOptions.Secret = ""
}

rMessage = protocol.PrepareAndDecideWhichRProtoFromUpper(conn, userOptions.Secret, protocol.TEMP_UUID)
fHeader, fMessage, err := protocol.DestructMessage(rMessage)

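Review bot: In NormalPassive the new PreAuth block still ends in `log.Fatalf`, so any client that connects to the agent's listener and fails pre-auth, which after this change includes merely failing the TLS handshake (a TLS scanner, a plaintext probe against a TLS port), terminates the whole agent process; that is a remote kill available to anyone who can reach the port. The admin-side NormalPassive in this same commit closes the connection and keeps accepting, and this loop should do the same: `log.Printf("[*] Error occurred: %s\n", err.Error())`, `conn.Close()`, `continue`. All three functions start outside the hunks.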
46 changes: 24 additions & 22 deletions agent/process/offline.go
Expand Up @@ -91,11 +91,7 @@ func normalPassiveReconn(options *initial.Options) net.Conn {
for {
conn, err := listener.Accept()
if err != nil {
continue
}

if err := share.PassivePreAuth(conn); err != nil {
conn.Close()
log.Printf("[*] Error occurred: %s\n", err.Error())
continue
}

Expand All @@ -110,6 +106,11 @@ func normalPassiveReconn(options *initial.Options) net.Conn {
conn = transport.WrapTLSServerConn(conn, tlsConfig)
}

if err := share.PassivePreAuth(conn); err != nil {
conn.Close()
continue
}

rMessage = protocol.PrepareAndDecideWhichRProtoFromUpper(conn, options.Secret, protocol.TEMP_UUID)
fHeader, fMessage, err := protocol.DestructMessage(rMessage)

Expand Down Expand Up @@ -170,9 +171,21 @@ func soReusePassiveReconn(options *initial.Options) net.Conn {
for {
conn, err := listener.Accept()
if err != nil {
log.Printf("[*] Error occurred: %s\n", err.Error())
continue
}

if global.G_TLSEnable {
var tlsConfig *tls.Config
tlsConfig, err = transport.NewServerTLSConfig()
if err != nil {
log.Printf("[*] Error occured: %s", err.Error())
conn.Close()
continue
}
conn = transport.WrapTLSServerConn(conn, tlsConfig)
}

defer conn.SetReadDeadline(time.Time{})
conn.SetReadDeadline(time.Now().Add(2 * time.Second))

Expand All @@ -196,17 +209,6 @@ func soReusePassiveReconn(options *initial.Options) net.Conn {
continue
}

if global.G_TLSEnable {
var tlsConfig *tls.Config
tlsConfig, err = transport.NewServerTLSConfig()
if err != nil {
log.Printf("[*] Error occured: %s", err.Error())
conn.Close()
continue
}
conn = transport.WrapTLSServerConn(conn, tlsConfig)
}

rMessage = protocol.PrepareAndDecideWhichRProtoFromUpper(conn, options.Secret, protocol.TEMP_UUID)
fHeader, fMessage, err := protocol.DestructMessage(rMessage)

Expand Down Expand Up @@ -266,12 +268,6 @@ func normalReconnActiveReconn(options *initial.Options, proxy share.Proxy) net.C
continue
}

if err := share.ActivePreAuth(conn); err != nil {
conn.Close()
time.Sleep(time.Duration(options.Reconnect) * time.Second)
continue
}

if global.G_TLSEnable {
var tlsConfig *tls.Config
tlsConfig, err = transport.NewClientTLSConfig(options.Domain)
Expand All @@ -283,6 +279,12 @@ func normalReconnActiveReconn(options *initial.Options, proxy share.Proxy) net.C
conn = transport.WrapTLSClientConn(conn, tlsConfig)
}

if err := share.ActivePreAuth(conn); err != nil {
conn.Close()
time.Sleep(time.Duration(options.Reconnect) * time.Second)
continue
}

sMessage = protocol.PrepareAndDecideWhichSProtoToUpper(conn, options.Secret, protocol.TEMP_UUID)

protocol.ConstructMessage(sMessage, header, hiMess, false)
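Review bot: The wrap-TLS-then-PreAuth sequence in normalPassiveReconn and soReusePassiveReconn is another copy of the same block that appears in listen.go and initial/method.go, and the copies already disagree on what a failed pre-auth does (close and continue here, Fatalf in the agent's initial listener); a single helper such as `func acceptHandshake(conn net.Conn) (net.Conn, error)` that wraps and pre-auths in the order this commit establishes would stop that ordering from drifting again. In soReusePassiveReconn, `defer conn.SetReadDeadline(time.Time{})` sits inside the for loop, so it runs only when the function returns and accumulates one deferred call per accepted connection; clearing the deadline explicitly on the conn that is returned is what the function actually needs. The TLS block's message reads `occured`; `occurred` matches the other messages in the file. Both functions continue outside the hunks.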
