fix: check localhost for bind

This commit is contained in:
xuu 2023-05-29 12:31:17 -06:00
parent e0b5fe07f0
commit 765d774cf5
Signed by: xuu
GPG Key ID: C63E6D61F3035024

View File

@ -103,8 +103,12 @@ func (srv *server) disconnectUser(name string) {
} }
func (srv *server) getUserByPort(port uint32) (*user, bool) { func (srv *server) getUserByPort(port uint32) (*user, bool) {
if u, ok := srv.ports.Load(port); ok { if u, ok := srv.ports.Load(port); ok {
log.Printf("%d %T %s", port, u, u)
if u, ok := u.(*user); ok { if u, ok := u.(*user); ok {
return u, true return u, true
} else {
log.Println("port not found", port, ok)
} }
} }
return nil, false return nil, false
@ -113,6 +117,8 @@ func (srv *server) getUserByName(name string) (*user, bool) {
if u, ok := srv.users.Load(name); ok { if u, ok := srv.users.Load(name); ok {
if u, ok := u.(*user); ok { if u, ok := u.(*user); ok {
return u, true return u, true
} else {
log.Println("user not found", name, ok)
} }
} }
return nil, false return nil, false
@ -132,6 +138,21 @@ func (srv *server) listUsers() []*user {
return lis return lis
} }
func (srv *server) listPorts() map[uint32]*user {
lis := make(map[uint32]*user)
srv.ports.Range(func(key, value interface{}) bool {
if u, ok := value.(*user); ok {
lis[key.(uint32)] = u
return true
} else {
fmt.Println(key, value)
}
return false
})
return lis
}
func (srv *server) nextPort() uint32 { func (srv *server) nextPort() uint32 {
if srv.portNext < srv.portStart || srv.portNext > srv.portEnd { if srv.portNext < srv.portStart || srv.portNext > srv.portEnd {
srv.portNext = srv.portStart srv.portNext = srv.portStart
@ -159,7 +180,7 @@ func (srv *server) newSession(ctx context.Context) func(ssh.Session) {
} }
if u, ok := srv.getUserByName(s.User()); ok { if u, ok := srv.getUserByName(s.User()); ok {
host := fmt.Sprintf("%v:%v", u.BindHost, u.BindPort) host := fmt.Sprintf("%v:%v", "localhost", u.BindPort)
director := func(req *http.Request) { director := func(req *http.Request) {
if h := req.Header.Get("X-Forwarded-Host"); h == "" { if h := req.Header.Get("X-Forwarded-Host"); h == "" {
req.Header.Set("X-Forwarded-Host", req.Host) req.Header.Set("X-Forwarded-Host", req.Host)
@ -235,7 +256,7 @@ func (srv *server) optAuthUser() []ssh.Option {
return false return false
} }
if bindHost != strings.Trim(u.BindHost, "[]") || bindPort != u.BindPort { if bindHost != "localhost" || bindPort != u.BindPort {
log.Println("User", ctx.User(), "Not Allowed: ", bindHost, bindPort, ctx.ClientVersion(), ctx.SessionID(), ctx.LocalAddr(), ctx.RemoteAddr()) log.Println("User", ctx.User(), "Not Allowed: ", bindHost, bindPort, ctx.ClientVersion(), ctx.SessionID(), ctx.LocalAddr(), ctx.RemoteAddr())
return false return false
} }
@ -313,6 +334,7 @@ func (srv *server) handleHTTP(rw http.ResponseWriter, r *http.Request) {
t := templates["home.go.tpl"] t := templates["home.go.tpl"]
err := t.Execute(rw, map[string]any{ err := t.Execute(rw, map[string]any{
"Users": srv.listUsers(), "Users": srv.listUsers(),
"Ports": srv.listPorts(),
"ListenPort": srv.listenPort, "ListenPort": srv.listenPort,
"DomainName": srv.domainName, "DomainName": srv.domainName,
}) })