various bugfixes and enhancements

This commit is contained in:
AJ ONeal 2020-05-04 22:49:38 -06:00
parent 50784e017e
commit 1600c960ab
3 changed files with 49 additions and 42 deletions

.gitignore vendored

@ -1,6 +1,8 @@
.env .env
.env.* .env.*
certs certs
acme.d
*.exe *.exe
/telebitd /telebitd
/cmd/telebitd/telebitd /cmd/telebitd/telebitd


@ -26,7 +26,10 @@ import (
_ "github.com/joho/godotenv/autoload" _ "github.com/joho/godotenv/autoload"
) )
// Loginfo TODO remove
var Loginfo = log.Loginfo var Loginfo = log.Loginfo
// Logdebug TODO remove
var Logdebug = log.Logdebug var Logdebug = log.Logdebug
func init() { func init() {
@ -38,28 +41,22 @@ var (
configPath = "./" configPath = "./"
configFile = "telebit-relay" configFile = "telebit-relay"
argWssClientListener string
tcpPort int tcpPort int
argServerBinding string
argServerAdminBinding string
argServerExternalBinding string
argDeadTime int argDeadTime int
connectionTable *api.Table connectionTable *api.Table
secretKey string secretKey string
wssHostName = "localhost.rootprojects.org" wssHostName string
adminHostName string adminHostName string
idle int idle int
dwell int dwell int
cancelcheck int cancelcheck int
lbDefaultMethod api.LoadBalanceStrategy loadBalanceMethod api.LoadBalanceStrategy
nickname string nickname string
acmeEmail string acmeEmail string
acmeStorage string acmeStorage string
acmeAgree bool acmeAgree bool
acmeStaging bool acmeStaging bool
allclients string allclients string
adminDomain string
wssDomain string
) )
func init() { func init() {
@ -68,8 +65,8 @@ func init() {
flag.StringVar(&acmeStorage, "acme-storage", "./acme.d/", "path to ACME storage directory") flag.StringVar(&acmeStorage, "acme-storage", "./acme.d/", "path to ACME storage directory")
flag.BoolVar(&acmeAgree, "acme-agree", false, "agree to the terms of the ACME service provider (required)") flag.BoolVar(&acmeAgree, "acme-agree", false, "agree to the terms of the ACME service provider (required)")
flag.BoolVar(&acmeStaging, "staging", false, "get fake certificates for testing") flag.BoolVar(&acmeStaging, "staging", false, "get fake certificates for testing")
flag.StringVar(&adminDomain, "admin-domain", "", "the management domain") flag.StringVar(&adminHostName, "admin-hostname", "", "the management domain")
flag.StringVar(&wssDomain, "wss-domain", "", "the wss domain for connecting devices, if different from admin") flag.StringVar(&wssHostName, "wss-hostname", "", "the wss domain for connecting devices, if different from admin")
flag.StringVar(&configPath, "config-path", configPath, "Configuration File Path") flag.StringVar(&configPath, "config-path", configPath, "Configuration File Path")
flag.StringVar(&secretKey, "secret", "", "a >= 16-character random string for JWT key signing") // SECRET flag.StringVar(&secretKey, "secret", "", "a >= 16-character random string for JWT key signing") // SECRET
flag.StringVar(&logfile, "log", logfile, "Log file (or stdout/stderr; empty for none)") flag.StringVar(&logfile, "log", logfile, "Log file (or stdout/stderr; empty for none)")
@ -143,20 +140,18 @@ func main() {
} }
} }
adminHostName = adminDomain
if 0 == len(adminHostName) { if 0 == len(adminHostName) {
adminHostName = os.Getenv("ADMIN_DOMAIN") adminHostName = os.Getenv("ADMIN_HOSTNAME")
} }
wssHostName = wssDomain
if 0 == len(wssHostName) { if 0 == len(wssHostName) {
wssHostName = os.Getenv("WSS_DOMAIN") wssHostName = os.Getenv("WSS_HOSTNAME")
} }
if 0 == len(wssHostName) { if 0 == len(wssHostName) {
wssHostName = adminHostName wssHostName = adminHostName
} }
// load balancer method // load balancer method
lbDefaultMethod = api.RoundRobin loadBalanceMethod = api.RoundRobin
if 0 == len(nickname) { if 0 == len(nickname) {
nickname = os.Getenv("NICKNAME") nickname = os.Getenv("NICKNAME")
} }
@ -187,23 +182,29 @@ func main() {
serverStatus.WssDomain = wssHostName serverStatus.WssDomain = wssHostName
serverStatus.Name = nickname serverStatus.Name = nickname
serverStatus.DeadTime = api.NewStatusDeadTime(dwell, idle, cancelcheck) serverStatus.DeadTime = api.NewStatusDeadTime(dwell, idle, cancelcheck)
serverStatus.LoadbalanceDefaultMethod = string(lbDefaultMethod) serverStatus.LoadbalanceDefaultMethod = string(loadBalanceMethod)
connectionTable := api.NewTable(dwell, idle, lbDefaultMethod) connectionTable := api.NewTable(dwell, idle, loadBalanceMethod)
tlsConfig := &tls.Config{ tlsConfig := &tls.Config{
GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) { GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
certbundle, err := magic.GetCertificate(hello) return magic.GetCertificate(hello)
/*
if false {
_, _ = magic.GetCertificate(hello)
}
// TODO // TODO
// 1. call out to greenlock for validation // 1. call out to greenlock for validation
// 2. push challenges through http channel // 2. push challenges through http channel
// 3. receive certificates (or don't) // 3. receive certificates (or don't)
//certbundle, err := tls.LoadX509KeyPair("certs/fullchain.pem", "certs/privkey.pem") certbundleT, err := tls.LoadX509KeyPair("certs/fullchain.pem", "certs/privkey.pem")
certbundle := &certbundleT
if err != nil { if err != nil {
return nil, err return nil, err
} }
return certbundle, nil return certbundle, nil
*/
}, },
} }
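Review bot: The `tls.Config` literal still sets only `GetCertificate`, so the minimum protocol version is whatever the Go runtime defaults to, and this config is the one handed to `tls.Server` for the wss and admin hostnames in the other file of this commit; add `MinVersion: tls.VersionTLS12,` beside `GetCertificate` so the relay's own endpoints do not negotiate TLS 1.0/1.1. The block comment that follows (the `if false` guard and the `tls.LoadX509KeyPair("certs/fullchain.pem", ...)` fallback) is dead code now that the callback returns `magic.GetCertificate(hello)` directly; drop it and keep the three-line TODO list as a plain comment, since the history is in version control. `main` continues outside the hunk.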


@ -126,6 +126,7 @@ func (mx *MPlexy) accept(ctx context.Context, wConn *tunnel.WedgeConn) {
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x00}) { } else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x00}) {
encryptMode = encryptSSLV3 encryptMode = encryptSSLV3
loginfo.Println("SSLV3")
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x01}) { } else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x01}) {
encryptMode = encryptTLS10 encryptMode = encryptTLS10
@ -133,12 +134,15 @@ func (mx *MPlexy) accept(ctx context.Context, wConn *tunnel.WedgeConn) {
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x02}) { } else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x02}) {
encryptMode = encryptTLS11 encryptMode = encryptTLS11
loginfo.Println("TLS11")
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x03}) { } else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x03}) {
encryptMode = encryptTLS12 encryptMode = encryptTLS12
loginfo.Println("TLS12")
} else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x04}) { } else if bytes.Contains(peek[0:3], []byte{0x16, 0x03, 0x04}) {
encryptMode = encryptTLS13 encryptMode = encryptTLS13
loginfo.Println("TLS13")
} }
@ -183,7 +187,7 @@ func (mx *MPlexy) acceptEncryptedStream(ctx context.Context, wConn *tunnel.Wedge
if sniHostName == mx.wssHostName || sniHostName == mx.adminHostName { if sniHostName == mx.wssHostName || sniHostName == mx.adminHostName {
// The TLS should be terminated and handled internally // The TLS should be terminated and handled internally
tlsConfig := ctx.Value(ctxConfig).(*tls.Config) tlsConfig := ctx.Value(ctxConfig).(*tls.Config)
conn := tls.Client(wConn, tlsConfig) conn := tls.Server(wConn, tlsConfig)
tlsWedgeConn := tunnel.NewWedgeConn(conn) tlsWedgeConn := tunnel.NewWedgeConn(conn)
mx.acceptPlainStream(ctx, tlsWedgeConn, true) mx.acceptPlainStream(ctx, tlsWedgeConn, true)
return return
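Review bot: With the switch to `tls.Server`, the handshake is still left implicit: `tls.Server` only wraps the connection, so a handshake failure (for instance no certificate available for the SNI name) surfaces inside `acceptPlainStream` as a read error rather than at the point where the TLS decision is made. Consider running it explicitly before handing the connection on, `if err := conn.Handshake(); err != nil { conn.Close(); return }`, so the failure is reported here; whether `acceptPlainStream` already closes the connection on error is not visible in this hunk. The single-value assertion `ctx.Value(ctxConfig).(*tls.Config)` on the preceding line panics if the context carries no config; the two-value form would let it fail gracefully. `acceptEncryptedStream` begins before the hunk.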