diff --git a/cmd/passport/auth.go b/cmd/passport/auth.go
index 4fd0d5a..3f35ea1 100644
--- a/cmd/passport/auth.go
+++ b/cmd/passport/auth.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+ "crypto/tls"
 "net/url"
 "sync"
 "time"
@@ -9,7 +10,7 @@ import (
 "github.com/yosebyte/passport/pkg/log"
 )
 
-func authSetups(parsedURL *url.URL, whiteList *sync.Map) {
+func authSetups(parsedURL *url.URL, whiteList *sync.Map, tlsConfig *tls.Config) {
 if parsedURL.Fragment == "" {
 return
 }
@@ -20,7 +21,7 @@ func authSetups(parsedURL *url.URL, whiteList *sync.Map) {
 log.Info("Auth mode enabled: %v", parsedAuthURL)
 go func() {
 for {
- if err := internal.HandleHTTP(parsedAuthURL, whiteList); err != nil {
+ if err := internal.HandleHTTP(parsedAuthURL, whiteList, tlsConfig); err != nil {
 log.Error("Auth mode error: %v", err)
 log.Info("Restarting in 1s...")
 time.Sleep(1 * time.Second)
diff --git a/cmd/passport/core.go b/cmd/passport/core.go
index 51e6765..4a09456 100644
--- a/cmd/passport/core.go
+++ b/cmd/passport/core.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+ "crypto/tls"
 "net/url"
 "os"
 "strings"
@@ -12,10 +13,10 @@ import (
 "github.com/yosebyte/passport/pkg/log"
 )
 
-func coreSelect(parsedURL *url.URL, rawURL string, whiteList *sync.Map) {
+func coreSelect(parsedURL *url.URL, rawURL string, whiteList *sync.Map, tlsConfig *tls.Config) {
 switch parsedURL.Scheme {
 case "server":
- runServer(parsedURL, rawURL, whiteList)
+ runServer(parsedURL, rawURL, whiteList, tlsConfig)
 case "client":
 runClient(parsedURL, rawURL)
 case "broker":
@@ -26,10 +27,10 @@ func coreSelect(parsedURL *url.URL, rawURL string, whiteList *sync.Map) {
 }
 }
 
-func runServer(parsedURL *url.URL, rawURL string, whiteList *sync.Map) {
+func runServer(parsedURL *url.URL, rawURL string, whiteList *sync.Map, tlsConfig *tls.Config) {
 log.Info("Server core selected: %v", strings.Split(rawURL, "#")[0])
 for {
- if err := tunnel.Server(parsedURL, whiteList); err != nil {
+ if err := tunnel.Server(parsedURL, whiteList, tlsConfig); err != nil {
 log.Error("Server core error: %v", err)
 log.Info("Restarting in 1s...")
 time.Sleep(1 * time.Second)
diff --git a/cmd/passport/main.go b/cmd/passport/main.go
index 5568a0f..1df2e9e 100644
--- a/cmd/passport/main.go
+++ b/cmd/passport/main.go
@@ -6,6 +6,7 @@ import (
 "sync"
 
 "github.com/yosebyte/passport/pkg/log"
+ "github.com/yosebyte/passport/pkg/tls"
 )
 
 var (
@@ -23,6 +24,10 @@ func main() {
 if err != nil {
 log.Fatal("Error parsing raw URL: %v", err)
 }
- authSetups(parsedURL, &whiteList)
- coreSelect(parsedURL, rawURL, &whiteList)
+ tlsConfig, err := tls.NewTLSconfig("")
+ if err != nil {
+ log.Error("Error generating TLS config: %v", err)
+ }
+ authSetups(parsedURL, &whiteList, tlsConfig)
+ coreSelect(parsedURL, rawURL, &whiteList, tlsConfig)
 }
diff --git a/internal/http.go b/internal/http.go
index 44e14e9..e5da7e3 100644
--- a/internal/http.go
+++ b/internal/http.go
@@ -1,16 +1,16 @@
 package internal
 
 import (
+ "crypto/tls"
 "net"
 "net/http"
 "net/url"
 "sync"
 
 "github.com/yosebyte/passport/pkg/log"
- "github.com/yosebyte/passport/pkg/tls"
 )
 
-func HandleHTTP(parsedURL *url.URL, whiteList *sync.Map) error {
+func HandleHTTP(parsedURL *url.URL, whiteList *sync.Map, tlsConfig *tls.Config) error {
 http.HandleFunc(parsedURL.Path, func(w http.ResponseWriter, r *http.Request) {
 clientIP, _, err := net.SplitHostPort(r.RemoteAddr)
 if err != nil {
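Review bot: On the new `tls.NewTLSconfig("")` error path execution continues with whatever tlsConfig holds on failure (presumably nil), and that value is then handed to tunnel.Server and HandleHTTP, where `tls.Listen` rejects an unusable config on every 1 s restart iteration instead of the process stopping once; the URL-parse failure three lines above already uses `log.Fatal`, so the same treatment fits here: `log.Fatal("Error generating TLS config: %v", err)`. Separately, the argument changed from `parsedURL.Hostname()` (the call removed from internal/http.go in this commit) to `""`; if NewTLSconfig uses it as the certificate's subject or SAN, the auth server's certificate no longer names its host, which is worth confirming against pkg/tls before merging.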
@@ -30,11 +30,6 @@ func HandleHTTP(parsedURL *url.URL, whiteList *sync.Map) error {
 return err
 }
 } else {
- tlsConfig, err := tls.NewTLSconfig(parsedURL.Hostname())
- if err != nil {
- log.Error("Error generating TLS config: %v", err)
- return err
- }
 authServer := &http.Server{
 Addr: parsedURL.Host,
 TLSConfig: tlsConfig,
diff --git a/internal/tunnel/client.go b/internal/tunnel/client.go
index e485c41..d414ebb 100644
--- a/internal/tunnel/client.go
+++ b/internal/tunnel/client.go
@@ -1,6 +1,7 @@
 package tunnel
 
 import (
+ "crypto/tls"
 "net"
 "net/url"
 "strings"
@@ -25,7 +26,7 @@ func Client(parsedURL *url.URL) error {
 log.Error("Unable to resolve target address: %v", strings.TrimPrefix(parsedURL.Path, "/"))
 return err
 }
- linkConn, err := net.DialTCP("tcp", nil, linkAddr)
+ linkConn, err := tls.Dial("tcp", linkAddr.String(), &tls.Config{InsecureSkipVerify: true})
 if err != nil {
 log.Error("Unable to dial link address: [%v]", linkAddr)
 return err
diff --git a/internal/tunnel/server.go b/internal/tunnel/server.go
index b54b2b8..cfb11b0 100644
--- a/internal/tunnel/server.go
+++ b/internal/tunnel/server.go
@@ -1,6 +1,7 @@
 package tunnel
 
 import (
+ "crypto/tls"
 "net"
 "net/url"
 "strings"
@@ -9,7 +10,7 @@ import (
 "github.com/yosebyte/passport/pkg/log"
 )
 
-func Server(parsedURL *url.URL, whiteList *sync.Map) error {
+func Server(parsedURL *url.URL, whiteList *sync.Map, tlsConfig *tls.Config) error {
 linkAddr, err := net.ResolveTCPAddr("tcp", parsedURL.Host)
 if err != nil {
 log.Error("Unable to resolve link address: %v", parsedURL.Host)
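Review bot: `tls.Dial("tcp", linkAddr.String(), &tls.Config{InsecureSkipVerify: true})` disables certificate and hostname verification, so the link is encrypted but the client cannot distinguish the intended server from anything that terminates TLS in front of it; the same literal appears in ClientTCP (internal/tunnel/tcp.go) and ClientUDP (internal/tunnel/udp.go). Because the server presents a generated certificate that system roots will not chain to, the practical fix is to keep the skip flag but pin the server's leaf certificate in `VerifyPeerCertificate` (or load a configured CA into `RootCAs`), and to build that config once in the tunnel package instead of three times; coreSelect in this commit threads tlsConfig only into the server branch, so the client path currently has nowhere to receive such a config. `tls.Dial` also carries no connect timeout, which `tls.DialWithDialer` with a `net.Dialer{Timeout: …}` would bound. Client's body continues outside the hunk; the sketch below omits the `bytes`, `crypto/sha256`, `crypto/x509` and `errors` imports it needs, and `pinnedFingerprint` stands for a configured SHA-256 of the server's leaf certificate.
```go
// Built once for the package; verification is the fingerprint pin, not the chain.
var clientTLSConfig = &tls.Config{
	InsecureSkipVerify: true, // chain/hostname checks replaced by the pin below
	VerifyPeerCertificate: func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return errors.New("tls: no peer certificate presented")
		}
		sum := sha256.Sum256(rawCerts[0])
		if !bytes.Equal(sum[:], pinnedFingerprint) { // pinnedFingerprint: configured value (placeholder)
			return errors.New("tls: peer certificate does not match pinned fingerprint")
		}
		return nil
	},
}
// … unchanged: address resolution in Client …
linkConn, err := tls.DialWithDialer(&net.Dialer{Timeout: 10 * time.Second}, "tcp", linkAddr.String(), clientTLSConfig)
```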
@@ -25,13 +26,13 @@ func Server(parsedURL *url.URL, whiteList *sync.Map) error {
 log.Error("Unable to resolve target address: %v", strings.TrimPrefix(parsedURL.Path, "/"))
 return err
 }
- linkListen, err := net.ListenTCP("tcp", linkAddr)
+ linkListen, err := tls.Listen("tcp", linkAddr.String(), tlsConfig)
 if err != nil {
 log.Error("Unable to listen link address: [%v]", linkAddr)
 return err
 }
 defer linkListen.Close()
- linkConn, err := linkListen.AcceptTCP()
+ linkConn, err := linkListen.Accept()
 if err != nil {
 log.Error("Unable to accept connections form link address: [%v]", linkAddr)
 return err
diff --git a/internal/tunnel/tcp.go b/internal/tunnel/tcp.go
index 823e836..100b376 100644
--- a/internal/tunnel/tcp.go
+++ b/internal/tunnel/tcp.go
@@ -1,6 +1,7 @@
 package tunnel
 
 import (
+ "crypto/tls"
 "net"
 "net/url"
 "sync"
@@ -10,7 +11,7 @@ import (
 "github.com/yosebyte/passport/pkg/log"
 )
 
-func ServeTCP(parsedURL *url.URL, whiteList *sync.Map, linkAddr, targetAddr *net.TCPAddr, linkListen *net.TCPListener, linkConn *net.TCPConn) error {
+func ServeTCP(parsedURL *url.URL, whiteList *sync.Map, linkAddr, targetAddr *net.TCPAddr, linkListen net.Listener, linkConn net.Conn) error {
 targetListen, err := net.ListenTCP("tcp", targetAddr)
 if err != nil {
 log.Error("Unable to listen target address: [%v]", targetAddr)
@@ -54,7 +55,7 @@ func ServeTCP(parsedURL *url.URL, whiteList *sync.Map, linkAddr, targetAddr *net
 targetConn.Close()
 return
 }
- remoteConn, err := linkListen.AcceptTCP()
+ remoteConn, err := linkListen.Accept()
 if err != nil {
 log.Error("Unable to accept connections form link address: [%v] %v", linkAddr, err)
 return
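Review bot: `linkConn, err := linkListen.Accept()` on the listener returned by `tls.Listen` completes before any TLS handshake has run, so `linkConn` is treated as an established link while the peer has proven nothing yet; handshake failures only surface on the first Read or Write, and a peer that connects and never handshakes is not detected at this point at all. The same Accept change appears in ServeTCP (internal/tunnel/tcp.go, this line) and ServeUDP (internal/tunnel/udp.go). Driving the handshake explicitly under a deadline right after Accept turns both cases into an immediate, logged error; the sketch below assumes a `time` import that is not visible in this hunk, and the 10 s bound is a constructed value. Server's body continues outside the hunk.
```go
linkConn, err := linkListen.Accept()
// … unchanged: Accept error check …
// Complete the handshake now, under a bound, so a peer that never finishes
// TLS cannot hold the link open and failures are reported here rather than
// on the first Read/Write.
if tlsConn, ok := linkConn.(*tls.Conn); ok {
	linkConn.SetDeadline(time.Now().Add(10 * time.Second))
	if err := tlsConn.Handshake(); err != nil {
		log.Error("TLS handshake failed on link address: [%v] %v", linkAddr, err)
		linkConn.Close()
		return err
	}
	linkConn.SetDeadline(time.Time{})
}
// … unchanged: remainder of Server …
```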
@@ -76,7 +77,7 @@ func ClientTCP(linkAddr, targetTCPAddr *net.TCPAddr) {
 }
 defer targetConn.Close()
 log.Info("Target connection established: [%v]", targetTCPAddr)
- remoteConn, err := net.DialTCP("tcp", nil, linkAddr)
+ remoteConn, err := tls.Dial("tcp", linkAddr.String(), &tls.Config{InsecureSkipVerify: true})
 if err != nil {
 log.Error("Unable to dial target address: [%v], %v", linkAddr, err)
 return
diff --git a/internal/tunnel/udp.go b/internal/tunnel/udp.go
index 5f8e127..4273c7b 100644
--- a/internal/tunnel/udp.go
+++ b/internal/tunnel/udp.go
@@ -1,6 +1,7 @@
 package tunnel
 
 import (
+ "crypto/tls"
 "net"
 "net/url"
 "sync"
@@ -10,7 +11,7 @@ import (
 "github.com/yosebyte/passport/pkg/log"
 )
 
-func ServeUDP(parsedURL *url.URL, whiteList *sync.Map, linkAddr *net.TCPAddr, targetAddr *net.UDPAddr, linkListen *net.TCPListener, linkConn *net.TCPConn) error {
+func ServeUDP(parsedURL *url.URL, whiteList *sync.Map, linkAddr *net.TCPAddr, targetAddr *net.UDPAddr, linkListen net.Listener, linkConn net.Conn) error {
 targetConn, err := net.ListenUDP("udp", targetAddr)
 if err != nil {
 log.Error("Unable to listen target address: [%v]", targetAddr)
@@ -40,13 +41,13 @@ func ServeUDP(parsedURL *url.URL, whiteList *sync.Map, linkAddr *net.TCPAddr, ta
 log.Error("Unable to send signal: %v", err)
 break
 }
- remoteConn, err := linkListen.AcceptTCP()
+ remoteConn, err := linkListen.Accept()
 if err != nil {
 log.Error("Unable to accept connections from link address: [%v] %v", linkAddr, err)
 continue
 }
 sem <- struct{}{}
- go func(buffer []byte, n int, remoteConn *net.TCPConn, clientAddr *net.UDPAddr) {
+ go func(buffer []byte, n int, remoteConn net.Conn, clientAddr *net.UDPAddr) {
 defer func() {
 <-sem
 remoteConn.Close()
@@ -74,7 +75,7 @@ func ServeUDP(parsedURL *url.URL, whiteList *sync.Map, linkAddr *net.TCPAddr, ta
 }
 
 func ClientUDP(linkAddr *net.TCPAddr, targetUDPAddr *net.UDPAddr) {
- remoteConn, err := net.DialTCP("tcp", nil, linkAddr)
+ remoteConn, err := tls.Dial("tcp", linkAddr.String(), &tls.Config{InsecureSkipVerify: true})
 if err != nil {
 log.Error("Unable to dial target address: [%v] %v", linkAddr, err)
 return
diff --git a/pkg/conn/conn.go b/pkg/conn/conn.go
index 2848fb0..e970f14 100644
--- a/pkg/conn/conn.go
+++ b/pkg/conn/conn.go
@@ -5,7 +5,7 @@ import (
 "net"
 )
 
-func DataExchange(conn1, conn2 *net.TCPConn) {
+func DataExchange(conn1, conn2 net.Conn) {
 done := make(chan struct{}, 2)
 go func() {
 io.Copy(conn1, conn2)