add service option for plugin
This commit is contained in:
@@ -14,6 +14,7 @@ const (
|
||||
)
|
||||
|
||||
type Relay struct {
|
||||
service string
|
||||
pc1 net.PacketConn
|
||||
pc2 net.PacketConn
|
||||
bufferSize int
|
||||
@@ -28,6 +29,11 @@ func NewRelay(pc1, pc2 net.PacketConn) *Relay {
|
||||
}
|
||||
}
|
||||
|
||||
func (r *Relay) WithService(service string) *Relay {
|
||||
r.service = service
|
||||
return r
|
||||
}
|
||||
|
||||
func (r *Relay) WithBypass(bp bypass.Bypass) *Relay {
|
||||
r.bypass = bp
|
||||
return r
|
||||
@@ -62,7 +68,7 @@ func (r *Relay) Run(ctx context.Context) (err error) {
|
||||
return err
|
||||
}
|
||||
|
||||
if r.bypass != nil && r.bypass.Contains(ctx, "udp", raddr.String()) {
|
||||
if r.bypass != nil && r.bypass.Contains(ctx, "udp", raddr.String(), bypass.WithService(r.service)) {
|
||||
if r.logger != nil {
|
||||
r.logger.Warn("bypass: ", raddr)
|
||||
}
|
||||
@@ -99,7 +105,7 @@ func (r *Relay) Run(ctx context.Context) (err error) {
|
||||
return err
|
||||
}
|
||||
|
||||
if r.bypass != nil && r.bypass.Contains(ctx, "udp", raddr.String()) {
|
||||
if r.bypass != nil && r.bypass.Contains(ctx, "udp", raddr.String(), bypass.WithService(r.service)) {
|
||||
if r.logger != nil {
|
||||
r.logger.Warn("bypass: ", raddr)
|
||||
}
|
||||
|
||||
@@ -18,6 +18,7 @@ import (
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/go-gost/core/auth"
|
||||
"github.com/go-gost/core/bypass"
|
||||
"github.com/go-gost/core/chain"
|
||||
"github.com/go-gost/core/hop"
|
||||
@@ -51,6 +52,7 @@ var (
|
||||
)
|
||||
|
||||
type HandleOptions struct {
|
||||
service string
|
||||
dial func(ctx context.Context, network, address string) (net.Conn, error)
|
||||
httpKeepalive bool
|
||||
node *chain.Node
|
||||
@@ -62,6 +64,12 @@ type HandleOptions struct {
|
||||
|
||||
type HandleOption func(opts *HandleOptions)
|
||||
|
||||
func WithService(service string) HandleOption {
|
||||
return func(opts *HandleOptions) {
|
||||
opts.service = service
|
||||
}
|
||||
}
|
||||
|
||||
func WithDial(dial func(ctx context.Context, network, address string) (net.Conn, error)) HandleOption {
|
||||
return func(opts *HandleOptions) {
|
||||
opts.dial = dial
|
||||
@@ -241,7 +249,9 @@ func (h *Sniffer) dial(ctx context.Context, conn net.Conn, req *http.Request, ho
|
||||
})
|
||||
|
||||
if ho.bypass != nil &&
|
||||
ho.bypass.Contains(ctx, "tcp", host, bypass.WithPathOption(req.RequestURI)) {
|
||||
ho.bypass.Contains(ctx, "tcp", host,
|
||||
bypass.WithService(ho.service),
|
||||
bypass.WithPathOption(req.RequestURI)) {
|
||||
ho.log.Debugf("bypass: %s %s", host, req.RequestURI)
|
||||
res.StatusCode = http.StatusForbidden
|
||||
ro.HTTP.StatusCode = res.StatusCode
|
||||
@@ -426,7 +436,7 @@ func (h *Sniffer) httpRoundTrip(ctx context.Context, rw, cc io.ReadWriteCloser,
|
||||
if httpSettings := node.Options().HTTP; httpSettings != nil {
|
||||
if auther := httpSettings.Auther; auther != nil {
|
||||
username, password, _ := req.BasicAuth()
|
||||
id, ok := auther.Authenticate(ctx, username, password)
|
||||
id, ok := auther.Authenticate(ctx, username, password, auth.WithService(ho.service))
|
||||
if !ok {
|
||||
res.StatusCode = http.StatusUnauthorized
|
||||
ro.HTTP.StatusCode = res.StatusCode
|
||||
@@ -807,7 +817,7 @@ func (h *Sniffer) HandleTLS(ctx context.Context, conn net.Conn, opts ...HandleOp
|
||||
}
|
||||
ro.Host = host
|
||||
|
||||
if ho.bypass != nil && ho.bypass.Contains(ctx, "tcp", host) {
|
||||
if ho.bypass != nil && ho.bypass.Contains(ctx, "tcp", host, bypass.WithService(ho.service)) {
|
||||
return xbypass.ErrBypass
|
||||
}
|
||||
}
|
||||
|
||||
@@ -54,6 +54,7 @@ var (
|
||||
)
|
||||
|
||||
type HandleOptions struct {
|
||||
service string
|
||||
dial func(ctx context.Context, network, address string) (net.Conn, error)
|
||||
dialTLS func(ctx context.Context, network, address string, cfg *tls.Config) (net.Conn, error)
|
||||
|
||||
@@ -64,6 +65,12 @@ type HandleOptions struct {
|
||||
|
||||
type HandleOption func(opts *HandleOptions)
|
||||
|
||||
func WithService(service string) HandleOption {
|
||||
return func(opts *HandleOptions) {
|
||||
opts.service = service
|
||||
}
|
||||
}
|
||||
|
||||
func WithDial(dial func(ctx context.Context, network, address string) (net.Conn, error)) HandleOption {
|
||||
return func(opts *HandleOptions) {
|
||||
opts.dial = dial
|
||||
@@ -170,7 +177,7 @@ func (h *Sniffer) HandleHTTP(ctx context.Context, network string, conn net.Conn,
|
||||
"host": host,
|
||||
})
|
||||
|
||||
if ho.bypass != nil && ho.bypass.Contains(ctx, network, host) {
|
||||
if ho.bypass != nil && ho.bypass.Contains(ctx, network, host, bypass.WithService(ho.service)) {
|
||||
return xbypass.ErrBypass
|
||||
}
|
||||
}
|
||||
@@ -600,7 +607,7 @@ func (h *Sniffer) HandleTLS(ctx context.Context, network string, conn net.Conn,
|
||||
}
|
||||
ro.Host = host
|
||||
|
||||
if ho.bypass != nil && ho.bypass.Contains(ctx, network, host) {
|
||||
if ho.bypass != nil && ho.bypass.Contains(ctx, network, host, bypass.WithService(ho.service)) {
|
||||
return xbypass.ErrBypass
|
||||
}
|
||||
}
|
||||
@@ -624,7 +631,7 @@ func (h *Sniffer) HandleTLS(ctx context.Context, network string, conn net.Conn,
|
||||
if host == "" {
|
||||
host = ro.Host
|
||||
}
|
||||
if h.MitmBypass == nil || !h.MitmBypass.Contains(ctx, network, host) {
|
||||
if h.MitmBypass == nil || !h.MitmBypass.Contains(ctx, network, host, bypass.WithService(ho.service)) {
|
||||
return h.terminateTLS(ctx, network, xnet.NewReadWriteConn(io.MultiReader(buf, conn), conn, conn), cc, clientHello, &ho)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,12 +22,12 @@ var (
|
||||
// It authenticates user using a password.
|
||||
type PasswordCallbackFunc func(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error)
|
||||
|
||||
func PasswordCallback(au auth.Authenticator) PasswordCallbackFunc {
|
||||
func PasswordCallback(service string, au auth.Authenticator) PasswordCallbackFunc {
|
||||
if au == nil {
|
||||
return nil
|
||||
}
|
||||
return func(conn ssh.ConnMetadata, password []byte) (*ssh.Permissions, error) {
|
||||
if _, ok := au.Authenticate(context.Background(), conn.User(), string(password)); ok {
|
||||
if _, ok := au.Authenticate(context.Background(), conn.User(), string(password), auth.WithService(service)); ok {
|
||||
return nil, nil
|
||||
}
|
||||
return nil, fmt.Errorf("password rejected for %s", conn.User())
|
||||
|
||||
Reference in New Issue
Block a user