Simplify TLS handler

antoniomika · May 23, 2022 · 71222f4 · 71222f4
1 parent 8152624
commit 71222f4
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 11 deletions.
diff --git a/httpmuxer/httpmuxer.go b/httpmuxer/httpmuxer.go
@@ -5,7 +5,6 @@ package httpmuxer
 
 import (
 	"bytes"
-	"crypto/tls"
 	"encoding/base64"
 	"fmt"
 	"io/ioutil"
@@ -361,18 +360,16 @@ func Start(state *utils.State) {
 				httpsListener = pListener
 			}
 
-			l := tls.NewListener(httpsListener, tlsConfig)
-
 			if tH != nil {
-				tH.Listener = l
+				tH.Listener = httpsListener
 
-				state.Listeners.Store(httpsServer.Addr, l)
+				state.Listeners.Store(httpsServer.Addr, httpsListener)
 				state.TCPListeners.Store(httpsServer.Addr, tH)
 			}
 
-			defer l.Close()
+			defer httpsListener.Close()
 
-			log.Fatal(httpsServer.Serve(l))
+			log.Fatal(httpsServer.ServeTLS(httpsListener, "", ""))
 		}()
 	}
 

diff --git a/sshmuxer/channels.go b/sshmuxer/channels.go
@@ -19,9 +19,13 @@ import (
 // commandSplitter is the character that terminates a prefix.
 const commandSplitter = "="
 
-// proxyProtoPrefix is used when deciding what proxy protocol
+// proxyProtocolPrefix is used when deciding what proxy protocol
 // version to use.
-const proxyProtoPrefix = "proxyproto"
+const proxyProtocolPrefix = "proxy-protocol"
+
+// proxyProtoPrefixLegacy is used when deciding what proxy protocol
+// version to use.
+const proxyProtoPrefixLegacy = "proxyproto"
 
 // hostHeaderPrefix is the host-header for a specific session.
 const hostHeaderPrefix = "host-header"
@@ -41,6 +45,8 @@ const localForwardPrefix = "local-forward"
 // autoClosePrefix defines whether or not a connection will close when all forwards are cleaned up.
 const autoClosePrefix = "auto-close"
 
+const tcpAddressPrefix = "tcp-address"
+
 // handleSession handles the channel when a user requests a session.
 // This is how we send console messages.
 func handleSession(newChannel ssh.NewChannel, sshConn *utils.SSHConnection, state *utils.State) {
@@ -117,7 +123,9 @@ func handleSession(newChannel ssh.NewChannel, sshConn *utils.SSHConnection, stat
 					command, param := commandFlagParts[0], commandFlagParts[1]
 
 					switch command {
-					case proxyProtoPrefix:
+					case proxyProtocolPrefix:
+						fallthrough
+					case proxyProtoPrefixLegacy:
 						if !viper.GetBool("proxy-protocol") {
 							break
 						}
@@ -159,6 +167,14 @@ func handleSession(newChannel ssh.NewChannel, sshConn *utils.SSHConnection, stat
 						sshConn.SNIProxy = sniProxy
 
 						sshConn.SendMessage(fmt.Sprintf("SNI proxy for TCP forwards set to: %t", sshConn.SNIProxy), true)
+					case tcpAddressPrefix:
+						if viper.GetBool("force-tcp-address") {
+							break
+						}
+
+						sshConn.TCPAddress = param
+
+						sshConn.SendMessage(fmt.Sprintf("TCP address for TCP forwards set to: %s", sshConn.TCPAddress), true)
 					case tcpAliasPrefix:
 						if !viper.GetBool("tcp-aliases") {
 							break

diff --git a/utils/conn.go b/utils/conn.go
@@ -27,6 +27,7 @@ type SSHConnection struct {
 	HostHeader     string
 	StripPath      bool
 	SNIProxy       bool
+	TCPAddress     string
 	TCPAlias       bool
 	LocalForward   bool
 	AutoClose      bool

diff --git a/utils/utils.go b/utils/utils.go
@@ -605,7 +605,11 @@ func GetOpenPort(addr string, port uint32, state *State, sshConn *SSHConnection,
 		bindAddr := addr
 		listenAddr := ""
 
-		if (bindAddr == "localhost" && viper.GetBool("localhost-as-all")) || viper.GetBool("force-tcp-address") || sniProxyEnabled {
+		if bindAddr == "" {
+			bindAddr = sshConn.TCPAddress
+		}
+
+		if (bindAddr == "localhost" && viper.GetBool("localhost-as-all")) || viper.GetBool("force-tcp-address") || (sniProxyEnabled && sshConn.TCPAddress == "") {
 			bindAddr = viper.GetString("tcp-address")
 		}