added insecure flag to allow invalid certificates.

Erik Brakkee 2024-07-23 22:27:09 +02:00
parent 0b57a31eaa
commit be3e6b7c4a
4 changed files with 118 additions and 71 deletions


@ -6,6 +6,7 @@ import (
"converge/pkg/iowrappers" "converge/pkg/iowrappers"
"converge/pkg/terminal" "converge/pkg/terminal"
"converge/pkg/websocketutil" "converge/pkg/websocketutil"
"crypto/tls"
"flag" "flag"
"fmt" "fmt"
"github.com/gliderlabs/ssh" "github.com/gliderlabs/ssh"
@ -15,6 +16,7 @@ import (
"io" "io"
"log" "log"
"net" "net"
"net/http"
"net/url" "net/url"
"os" "os"
"os/exec" "os/exec"
@ -148,6 +150,7 @@ func main() {
advanceWarningTime := flag.Duration("warning-time", 5*time.Minute, "advance warning time before sessio ends") advanceWarningTime := flag.Duration("warning-time", 5*time.Minute, "advance warning time before sessio ends")
agentExpriryTime := flag.Duration("expiry-time", 10*time.Minute, "expiry time of the session") agentExpriryTime := flag.Duration("expiry-time", 10*time.Minute, "expiry time of the session")
tickerInterval := flag.Duration("check-interval", 60*time.Second, "interval at which expiry is checked") tickerInterval := flag.Duration("check-interval", 60*time.Second, "interval at which expiry is checked")
insecure := flag.Bool("insecure", false, "allow invalid certificates")
flag.Parse() flag.Parse()
if flag.NArg() != 1 { if flag.NArg() != 1 {
@ -158,7 +161,14 @@ func main() {
agent.ConfigureAgent(*advanceWarningTime, *agentExpriryTime, *tickerInterval) agent.ConfigureAgent(*advanceWarningTime, *agentExpriryTime, *tickerInterval)
conn, _, err := websocket.DefaultDialer.Dial(wsURL, nil) dialer := websocket.Dialer{
Proxy: http.ProxyFromEnvironment,
HandshakeTimeout: 45 * time.Second,
}
if *insecure {
dialer.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
}
conn, _, err := dialer.Dial(wsURL, nil)
if err != nil { if err != nil {
log.Println("WebSocket connection error:", err) log.Println("WebSocket connection error:", err)
return return
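Review bot: `InsecureSkipVerify: true` in the `if *insecure` branch turns off both chain and host-name verification, so with the flag set any on-path party can terminate the `wss://` connection, and nothing in the new code records that this mode is active. At minimum log it at start-up, e.g. `log.Println("WARNING: -insecure set, TLS server certificate is NOT verified")`, and make the flag help text say the same instead of "allow invalid certificates". For self-signed or private-CA servers, a CA-file option that fills `tls.Config.RootCAs` would keep verification on. The same dialer block is repeated in the two other files of this commit (the `handleConnection` change and `cmd/wsproxy/wsproxy.go`), so one shared helper, presumably in `converge/pkg/websocketutil`, would keep the three copies from drifting. `main()` starts and ends outside this hunk.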


@ -3,10 +3,13 @@ package main
import ( import (
"converge/pkg/iowrappers" "converge/pkg/iowrappers"
"converge/pkg/websocketutil" "converge/pkg/websocketutil"
"crypto/tls"
"flag"
"fmt" "fmt"
"github.com/gorilla/websocket" "github.com/gorilla/websocket"
"log" "log"
"net" "net"
"net/http"
"os" "os"
"time" "time"
) )
@ -18,11 +21,18 @@ func closeConnection(conn net.Conn) {
_ = conn.Close() _ = conn.Close()
} }
func handleConnection(conn net.Conn, wsURL string) { func handleConnection(conn net.Conn, wsURL string, insecure bool) {
defer closeConnection(conn) defer closeConnection(conn)
log.Printf("Connecting to '%s'\n", wsURL) log.Printf("Connecting to '%s'\n", wsURL)
_wsConn, _, err := websocket.DefaultDialer.Dial(wsURL, nil) dialer := websocket.Dialer{
Proxy: http.ProxyFromEnvironment,
HandshakeTimeout: 45 * time.Second,
}
if insecure {
dialer.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
}
_wsConn, _, err := dialer.Dial(wsURL, nil)
if err != nil { if err != nil {
log.Println("WebSocket connection error:", err) log.Println("WebSocket connection error:", err)
return return
@ -36,14 +46,23 @@ func handleConnection(conn net.Conn, wsURL string) {
} }
func main() { func main() {
if len(os.Args) != 3 { usage := "Usage: tcptows [options] <localport> ws[s]://<host>[:port]/client/<ID>\n" +
fmt.Fprintln(os.Stderr, "Usage: tcptows <localport> ws[s]://<host>[:port]/client/<ID>") "\n" +
fmt.Fprintln(os.Stderr) "Here <ID> is the rendez-vous id of a continuous integratio job\n"
fmt.Fprintln(os.Stderr, "Here <ID> is the rendez-vous id of a continuous integratio job") insecure := flag.Bool("insecure", false, "allow invalid certificates")
flag.Usage = func() {
fmt.Fprintln(os.Stderr, usage)
flag.PrintDefaults()
}
flag.Parse()
fmt.Println("Narg ", flag.NArg())
if flag.NArg() != 2 {
flag.Usage()
os.Exit(1) os.Exit(1)
} }
tcpPort := os.Args[1] tcpPort := flag.Arg(0)
wsURL := os.Args[2] wsURL := flag.Arg(1)
listener, err := net.Listen("tcp", ":"+tcpPort) listener, err := net.Listen("tcp", ":"+tcpPort)
if err != nil { if err != nil {
@ -60,6 +79,6 @@ func main() {
log.Println(err) log.Println(err)
continue continue
} }
go handleConnection(conn, wsURL) go handleConnection(conn, wsURL, *insecure)
} }
} }
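Review bot: `fmt.Println("Narg ", flag.NArg())` right after `flag.Parse()` looks like a leftover debug print and should be removed. The usage string still reads `integratio` where `integration` is meant. Separately, the unchanged `net.Listen("tcp", ":"+tcpPort)` listens on every interface, so other hosts on the network can reach the tunnel; `net.Listen("tcp", "127.0.0.1:"+tcpPort)` would keep it local unless remote access is intended.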


@ -1,61 +0,0 @@
package main
import (
"converge/pkg/iowrappers"
"converge/pkg/websocketutil"
"fmt"
"github.com/gorilla/websocket"
"log"
"net"
"os"
"time"
)
func closeConnection(conn net.Conn) {
if tcpConn, ok := conn.(*net.TCPConn); ok {
tcpConn.SetLinger(0)
}
_ = conn.Close()
}
type Stdio struct{}
func (stdio Stdio) Read(b []byte) (n int, err error) {
return os.Stdin.Read(b)
}
func (stdio Stdio) Write(b []byte) (n int, err error) {
return os.Stdout.Write(b)
}
func main() {
if len(os.Args) != 2 {
fmt.Fprintln(os.Stderr, "Usage: tcptows ws[s]://<host>[:port]/client/<ID>")
fmt.Fprintln(os.Stderr)
fmt.Fprintln(os.Stderr, "Here <ID> is the rendez-vous id of a continuous integratio job")
fmt.Fprintln(os.Stderr, "Use this in an ssh command like this; ")
fmt.Fprintln(os.Stderr)
fmt.Fprintln(os.Stderr, " ssh -oProxyCommand='wsproxy ws[s]://<host>[:port]/client/<ID>' abc@localhost")
fmt.Fprintln(os.Stderr)
fmt.Fprintln(os.Stderr, "This lets ssh connect through wsproxy to the remote websocket on")
fmt.Fprintln(os.Stderr, "Converge server.")
fmt.Fprintln(os.Stderr)
os.Exit(1)
}
wsURL := os.Args[1]
_wsConn, _, err := websocket.DefaultDialer.Dial(wsURL, nil)
if err != nil {
panic(err)
}
_wsConn.SetReadDeadline(time.Time{})
_wsConn.SetWriteDeadline(time.Time{})
if err != nil {
log.Println("WebSocket connection error:", err)
panic(err)
}
wsConn := websocketutil.NewWebSocketConn(_wsConn)
defer wsConn.Close()
iowrappers.SynchronizeStreams(wsConn, Stdio{})
}

79
cmd/wsproxy/wsproxy.go Normal file

@ -0,0 +1,79 @@
package main
import (
"converge/pkg/iowrappers"
"converge/pkg/websocketutil"
"crypto/tls"
"flag"
"fmt"
"github.com/gorilla/websocket"
"log"
"net"
"net/http"
"os"
"time"
)
func closeConnection(conn net.Conn) {
if tcpConn, ok := conn.(*net.TCPConn); ok {
tcpConn.SetLinger(0)
}
_ = conn.Close()
}
type Stdio struct{}
func (stdio Stdio) Read(b []byte) (n int, err error) {
return os.Stdin.Read(b)
}
func (stdio Stdio) Write(b []byte) (n int, err error) {
return os.Stdout.Write(b)
}
func main() {
usage := "Usage: tcptows ws[s]://<host>[:port]/client/<ID>\n\n" +
"\n" +
"Here <ID> is the rendez-vous id of a continuous integration job\n" +
"\n" +
"Use this in an ssh command like this: \n" +
"\n" +
" ssh -oProxyCommand='wsproxy ws[s]://<host>[:port]/client/<ID>' abc@localhost\n" +
"\n" +
"This latssh connect through wsproxy tocalhost\n"
insecure := flag.Bool("insecure", false, "allow invalid certificates")
flag.Usage = func() {
fmt.Fprintln(os.Stderr, usage)
flag.PrintDefaults()
}
flag.Parse()
if flag.NArg() != 1 {
flag.Usage()
os.Exit(1)
}
wsURL := flag.Arg(0)
dialer := websocket.Dialer{
Proxy: http.ProxyFromEnvironment,
HandshakeTimeout: 45 * time.Second,
}
if *insecure {
dialer.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
}
_wsConn, _, err := dialer.Dial(wsURL, nil)
if err != nil {
panic(err)
}
_wsConn.SetReadDeadline(time.Time{})
_wsConn.SetWriteDeadline(time.Time{})
if err != nil {
log.Println("WebSocket connection error:", err)
panic(err)
}
wsConn := websocketutil.NewWebSocketConn(_wsConn)
defer wsConn.Close()
iowrappers.SynchronizeStreams(wsConn, Stdio{})
}
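Review bot: The usage text in `main` names the wrong program and its last line is garbled: `"Usage: tcptows ws[s]://..."` should name `wsproxy [options]`, and `"This latssh connect through wsproxy tocalhost\n"` has lost words compared with the deleted file's `This lets ssh connect through wsproxy to the remote websocket on` / `Converge server.`. The second `if err != nil` after `SetWriteDeadline` is unreachable, because `err` was already checked (with a panic) right after `dialer.Dial`; it can be dropped, and `closeConnection` is not called anywhere in this file. Since the binary is meant for ssh's ProxyCommand, a dial failure would read better as `log.Fatalln("WebSocket connection error:", err)` than as a panic with a stack trace.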