fix: check localhost for bind
parent
e0b5fe07f0
commit
765d774cf5
26
server.go
26
server.go
|
@ -103,8 +103,12 @@ func (srv *server) disconnectUser(name string) {
|
||||||
}
|
}
|
||||||
func (srv *server) getUserByPort(port uint32) (*user, bool) {
|
func (srv *server) getUserByPort(port uint32) (*user, bool) {
|
||||||
if u, ok := srv.ports.Load(port); ok {
|
if u, ok := srv.ports.Load(port); ok {
|
||||||
|
log.Printf("%d %T %s", port, u, u)
|
||||||
|
|
||||||
if u, ok := u.(*user); ok {
|
if u, ok := u.(*user); ok {
|
||||||
return u, true
|
return u, true
|
||||||
|
} else {
|
||||||
|
log.Println("port not found", port, ok)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return nil, false
|
return nil, false
|
||||||
|
@ -113,6 +117,8 @@ func (srv *server) getUserByName(name string) (*user, bool) {
|
||||||
if u, ok := srv.users.Load(name); ok {
|
if u, ok := srv.users.Load(name); ok {
|
||||||
if u, ok := u.(*user); ok {
|
if u, ok := u.(*user); ok {
|
||||||
return u, true
|
return u, true
|
||||||
|
} else {
|
||||||
|
log.Println("user not found", name, ok)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return nil, false
|
return nil, false
|
||||||
|
@ -132,6 +138,21 @@ func (srv *server) listUsers() []*user {
|
||||||
|
|
||||||
return lis
|
return lis
|
||||||
}
|
}
|
||||||
|
func (srv *server) listPorts() map[uint32]*user {
|
||||||
|
lis := make(map[uint32]*user)
|
||||||
|
srv.ports.Range(func(key, value interface{}) bool {
|
||||||
|
if u, ok := value.(*user); ok {
|
||||||
|
lis[key.(uint32)] = u
|
||||||
|
return true
|
||||||
|
} else {
|
||||||
|
fmt.Println(key, value)
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
})
|
||||||
|
|
||||||
|
return lis
|
||||||
|
}
|
||||||
|
|
||||||
func (srv *server) nextPort() uint32 {
|
func (srv *server) nextPort() uint32 {
|
||||||
if srv.portNext < srv.portStart || srv.portNext > srv.portEnd {
|
if srv.portNext < srv.portStart || srv.portNext > srv.portEnd {
|
||||||
srv.portNext = srv.portStart
|
srv.portNext = srv.portStart
|
||||||
|
@ -159,7 +180,7 @@ func (srv *server) newSession(ctx context.Context) func(ssh.Session) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if u, ok := srv.getUserByName(s.User()); ok {
|
if u, ok := srv.getUserByName(s.User()); ok {
|
||||||
host := fmt.Sprintf("%v:%v", u.BindHost, u.BindPort)
|
host := fmt.Sprintf("%v:%v", "localhost", u.BindPort)
|
||||||
director := func(req *http.Request) {
|
director := func(req *http.Request) {
|
||||||
if h := req.Header.Get("X-Forwarded-Host"); h == "" {
|
if h := req.Header.Get("X-Forwarded-Host"); h == "" {
|
||||||
req.Header.Set("X-Forwarded-Host", req.Host)
|
req.Header.Set("X-Forwarded-Host", req.Host)
|
||||||
|
@ -235,7 +256,7 @@ func (srv *server) optAuthUser() []ssh.Option {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
if bindHost != strings.Trim(u.BindHost, "[]") || bindPort != u.BindPort {
|
if bindHost != "localhost" || bindPort != u.BindPort {
|
||||||
log.Println("User", ctx.User(), "Not Allowed: ", bindHost, bindPort, ctx.ClientVersion(), ctx.SessionID(), ctx.LocalAddr(), ctx.RemoteAddr())
|
log.Println("User", ctx.User(), "Not Allowed: ", bindHost, bindPort, ctx.ClientVersion(), ctx.SessionID(), ctx.LocalAddr(), ctx.RemoteAddr())
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
@ -313,6 +334,7 @@ func (srv *server) handleHTTP(rw http.ResponseWriter, r *http.Request) {
|
||||||
t := templates["home.go.tpl"]
|
t := templates["home.go.tpl"]
|
||||||
err := t.Execute(rw, map[string]any{
|
err := t.Execute(rw, map[string]any{
|
||||||
"Users": srv.listUsers(),
|
"Users": srv.listUsers(),
|
||||||
|
"Ports": srv.listPorts(),
|
||||||
"ListenPort": srv.listenPort,
|
"ListenPort": srv.listenPort,
|
||||||
"DomainName": srv.domainName,
|
"DomainName": srv.domainName,
|
||||||
})
|
})
|
||||||
|
|
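Review bot: The `log.Printf("%d %T %s", port, u, u)` added in getUserByPort reads like leftover debugging. It runs on every successful port lookup and formats the stored value with `%s`, which for a `*user` writes all of the struct's fields into the server log. Either drop it or log only the key, e.g. `log.Printf("port lookup: %d", port)`. The new `else` branches here and in getUserByName fire when the type assertion fails, not when the key is absent, so "port not found" and "user not found" describe the wrong condition while a genuine miss still logs nothing; a message such as `log.Println("ports entry has unexpected type for", port)` would match what happened. getUserByPort's closing brace and getUserByName's signature lie outside their hunks.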