Small fixes

2024-09-20 06:56:04 +08:00 · 2018-01-05 11:02:13 +01:00 · 2018-01-05 11:02:13 +01:00 · cb3c1056e5
parent 82f96e457c
commit cb3c1056e5
8 changed files with 85 additions and 6 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,7 @@

 * The default created user now has the same username as the user starting sshportal (was hardcoded "admin")
 * Add Telnet support
+* Add TTY audit feature ([#23](https://github.com/moul/sshportal/issues/23)) by [@sabban](https://github.com/sabban)

 ## v1.7.1 (2018-01-03)

--- a/2
+++ b/2
@ -33,7 +33,7 @@ test:

 .PHONY: lint
 lint:
-	gometalinter --disable-all --enable=errcheck --enable=vet --enable=vetshadow --enable=golint --enable=gas --enable=ineffassign --enable=goconst --enable=goimports --enable=gofmt --exclude="should have comment" --enable=staticcheck --enable=gosimple --enable=misspell --deadline=20s .
+	gometalinter --disable-all --enable=errcheck --enable=vet --enable=vetshadow --enable=golint --enable=gas --enable=ineffassign --enable=goconst --enable=goimports --enable=gofmt --exclude="should have comment" --enable=staticcheck --enable=gosimple --enable=misspell --deadline=60s .

 .PHONY: backup
 backup:
--- a/README.md
+++ b/README.md
@ -37,6 +37,7 @@ Jump host/Jump server without the jump, a.k.a Transparent SSH bastion
 * Sensitive data encryption
 * Session management (see active connections, history, stats, stop)
 * Audit log (logging every user action)
+* Record TTY Session
 * Host Keys verifications shared across users
 * Healthcheck user (replying OK to any user)
 * SSH compatibility
--- a/main.go
+++ b/main.go
@ -75,7 +75,7 @@ func main() {
 					Usage: "Encrypt sensitive data in database (length: 16, 24 or 32)",
 				},
 				cli.StringFlag{
-					Name: "logs-location",
+					Name:  "logs-location",
 					Value: "./log",
 					Usage: "Store user session files",
 				},
@ -138,16 +138,16 @@ func server(c *cli.Context) error {
 	// check for the logdir existence
 	logsLocation, e := os.Stat(c.String("logs-location"))
 	if e != nil {
-		err = os.MkdirAll(c.String("logs-location"), os.ModeDir | os.FileMode(0750) )
+		err = os.MkdirAll(c.String("logs-location"), os.ModeDir|os.FileMode(0750))
 		if err != nil {
 			return err
 		}
 	} else {
 		if !logsLocation.IsDir() {
-			log.Fatal("log directory cannnot be created")
+			log.Fatal("log directory cannot be created")
 		}
 	}
-	
+
 	opts := []ssh.Option{}
 	// custom PublicKeyAuth handler
 	opts = append(opts, ssh.PublicKeyAuth(publicKeyAuthHandler(db, c)))
--- a/ssh.go
+++ b/ssh.go
@ -145,7 +145,7 @@ func channelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
 			err = bastionsession.ChannelHandler(srv, conn, newChan, ctx, bastionsession.Config{
 				Addr:         host.DialAddr(),
 				ClientConfig: clientConfig,
-  			Logs:         logsLocation,
+				Logs:         logsLocation,
 			})

 			now := time.Now()
--- a/vendor/github.com/arkan/bastion/LICENSE
+++ b/vendor/github.com/arkan/bastion/LICENSE
@ -0,0 +1,22 @@
+MIT License
+
+Copyright (c) 2016-2017 Florian Bertholin
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
--- a/vendor/github.com/arkan/bastion/pkg/logchannel/logchannel.go
+++ b/vendor/github.com/arkan/bastion/pkg/logchannel/logchannel.go
@ -0,0 +1,49 @@
+package logchannel
+
+import (
+	"encoding/binary"
+	"io"
+	"syscall"
+	"time"
+
+	"golang.org/x/crypto/ssh"
+)
+
+type logChannel struct {
+	channel ssh.Channel
+	writer  io.WriteCloser
+}
+
+func writeTTYRecHeader(fd io.Writer, length int) {
+	t := time.Now()
+
+	tv := syscall.NsecToTimeval(t.UnixNano())
+
+	binary.Write(fd, binary.LittleEndian, int32(tv.Sec))
+	binary.Write(fd, binary.LittleEndian, int32(tv.Usec))
+	binary.Write(fd, binary.LittleEndian, int32(length))
+}
+
+func New(channel ssh.Channel, writer io.WriteCloser) *logChannel {
+	return &logChannel{
+		channel: channel,
+		writer:  writer,
+	}
+}
+
+func (l *logChannel) Read(data []byte) (int, error) {
+	return l.Read(data)
+}
+
+func (l *logChannel) Write(data []byte) (int, error) {
+	writeTTYRecHeader(l.writer, len(data))
+	l.writer.Write(data)
+
+	return l.channel.Write(data)
+}
+
+func (l *logChannel) Close() error {
+	l.writer.Close()
+
+	return l.channel.Close()
+}
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@ -8,6 +8,12 @@
 			"revision": "648efa622239a2f6ff949fed78ee37b48d499ba4",
 			"revisionTime": "2016-10-02T11:37:05Z"
 		},
+		{
+			"checksumSHA1": "MHJo0MQ1wV3xSm0ncSn/aHaZR3Y=",
+			"path": "github.com/arkan/bastion/pkg/logchannel",
+			"revision": "0eb93ed2121907205ca69f46667a25f8b4320fde",
+			"revisionTime": "2018-01-04T15:54:52Z"
+		},
 		{
 			"checksumSHA1": "qe14CYEIsrbHmel1u0gsdZNFPLQ=",
 			"path": "github.com/asaskevich/govalidator",