Merge pull request #207 from antoniomika/am/fix-v2-issues

Close #206 and close #205
antoniomika · Jan 14, 2022 · 4f753b4 · 4f753b4
2 parents b626f96 + ac63b36
commit 4f753b4
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 23 deletions.
diff --git a/httpmuxer/httpmuxer.go b/httpmuxer/httpmuxer.go
@@ -121,7 +121,6 @@ func Start(state *utils.State) {
 		var currentListener *utils.HTTPHolder
 
 		requestUsername, requestPassword, _ := c.Request.BasicAuth()
-		exactMatch := false
 		authNeeded := true
 
 		state.HTTPListeners.Range(func(key, value interface{}) bool {
@@ -130,18 +129,36 @@ func Start(state *utils.State) {
 			parsedPassword, _ := locationListener.HTTPUrl.User.Password()
 
 			if hostname == locationListener.HTTPUrl.Host && strings.HasPrefix(c.Request.URL.Path, locationListener.HTTPUrl.Path) {
-				currentListener = locationListener
+				credsNeeded := locationListener.HTTPUrl.User.Username() != "" && parsedPassword != ""
+				credsMatch := requestUsername == locationListener.HTTPUrl.User.Username() && requestPassword == parsedPassword
 
-				if requestUsername == locationListener.HTTPUrl.User.Username() && requestPassword == parsedPassword {
-					exactMatch = true
-					authNeeded = false
-					return false
+				if credsNeeded {
+					currentListener = locationListener
+
+					if credsMatch {
+						authNeeded = false
+						return false
+					}
 				}
 			}
 
 			return true
 		})
 
+		if currentListener == nil {
+			state.HTTPListeners.Range(func(key, value interface{}) bool {
+				locationListener := value.(*utils.HTTPHolder)
+
+				if hostname == locationListener.HTTPUrl.Host && strings.HasPrefix(c.Request.URL.Path, locationListener.HTTPUrl.Path) {
+					currentListener = locationListener
+					authNeeded = false
+					return false
+				}
+
+				return true
+			})
+		}
+
 		if currentListener == nil && hostIsRoot {
 			if viper.GetBool("redirect-root") && !strings.HasPrefix(c.Request.URL.Path, "/favicon.ico") {
 				c.Redirect(http.StatusFound, viper.GetString("redirect-root-location"))
@@ -162,7 +179,7 @@ func Start(state *utils.State) {
 
 		c.Set("httpHolder", currentListener)
 
-		if !exactMatch || authNeeded {
+		if authNeeded {
 			c.Header("WWW-Authenticate", "Basic realm=\"sish\"")
 			c.AbortWithStatus(http.StatusUnauthorized)
 			return
@@ -214,7 +231,7 @@ func Start(state *utils.State) {
 			})
 		}
 
-		if exactMatch && (viper.GetBool("admin-console") || viper.GetBool("service-console")) && strings.HasPrefix(c.Request.URL.Path, "/_sish/") {
+		if (viper.GetBool("admin-console") || viper.GetBool("service-console")) && strings.HasPrefix(c.Request.URL.Path, "/_sish/") {
 			state.Console.HandleRequest(currentListener.HTTPUrl.String(), hostIsRoot, c)
 			return
 		}

diff --git a/sshmuxer/tcphandler.go b/sshmuxer/tcphandler.go
@@ -27,7 +27,7 @@ func handleTCPListener(check *channelForwardMsg, bindPort uint32, requestMessage
 
 	var balancer *roundrobin.RoundRobin
 
-	balancerName := "root"
+	balancerName := ""
 	if tH != nil && tH.SNIProxy {
 		balancerName = check.Addr
 	}
@@ -73,13 +73,15 @@ func handleTCPListener(check *channelForwardMsg, bindPort uint32, requestMessage
 		state.TCPListeners.Store(tcpAddr, tH)
 	}
 
-	newName, err := utils.GetOpenSNIHost(balancerName, state, sshConn, tH)
+	if sniProxyEnabled {
+		newName, err := utils.GetOpenSNIHost(balancerName, state, sshConn, tH)
 
-	if err != nil || (!strings.HasPrefix(newName, check.Addr) && viper.GetBool("force-requested-subdomains")) {
-		return nil, nil, nil, "", "", fmt.Errorf("error assigning requested address to tunnel")
-	}
+		if err != nil || (!strings.HasPrefix(newName, check.Addr) && viper.GetBool("force-requested-subdomains")) {
+			return nil, nil, nil, "", "", fmt.Errorf("error assigning requested address to tunnel")
+		}
 
-	balancerName = newName
+		balancerName = newName
+	}
 
 	foundBalancer, ok := tH.Balancers.Load(balancerName)
 	if ok {
@@ -103,13 +105,13 @@ func handleTCPListener(check *channelForwardMsg, bindPort uint32, requestMessage
 		Host: base64.StdEncoding.EncodeToString([]byte(listenerHolder.Addr().String())),
 	}
 
-	err = balancer.UpsertServer(serverURL)
+	err := balancer.UpsertServer(serverURL)
 	if err != nil {
 		log.Println("Unable to add server to balancer")
 	}
 
 	domainName := viper.GetString("domain")
-	if balancerName != "root" {
+	if balancerName != "" {
 		domainName = balancerName
 	}
 

diff --git a/utils/state.go b/utils/state.go
@@ -99,7 +99,7 @@ func (tH *TCPHolder) Handle(state *State) {
 
 		var firstWrite *bytes.Buffer
 
-		balancerName := "root"
+		balancerName := ""
 		if tH.SNIProxy {
 			tlsHello, buf, err := PeakTLSHello(cl)
 			if err != nil && tlsHello == nil {

diff --git a/utils/utils.go b/utils/utils.go
@@ -770,17 +770,16 @@ func GetOpenHost(addr string, state *State, sshConn *SSHConnection) (*url.URL, *
 			hostExtension = viper.GetString("append-user-to-subdomain-separator") + sshConn.SSHConn.User()
 		}
 
-		rest := addr
 		var username string
 		var password string
 		var path string
 
 		var bindErr error
 
-		if strings.Contains(rest, "@") {
-			hostParts := strings.SplitN(rest, "@", 2)
+		if strings.Contains(addr, "@") {
+			hostParts := strings.SplitN(addr, "@", 2)
 
-			rest = hostParts[1]
+			addr = hostParts[1]
 
 			if viper.GetBool("bind-http-auth") && len(hostParts[0]) > 0 {
 				authParts := strings.Split(hostParts[0], ":")
@@ -795,8 +794,8 @@ func GetOpenHost(addr string, state *State, sshConn *SSHConnection) (*url.URL, *
 			}
 		}
 
-		if strings.Contains(rest, "/") {
-			pathParts := strings.SplitN(rest, "/", 2)
+		if strings.Contains(addr, "/") {
+			pathParts := strings.SplitN(addr, "/", 2)
 
 			if viper.GetBool("bind-http-path") && len(pathParts[1]) > 0 {
 				path = fmt.Sprintf("/%s", pathParts[1])