dockerfile fix again, minor logging changes

jpillora · jpillora · commit 26c6b885795f · 2017-04-07T23:14:48.000+10:00
diff --git a/Dockerfile b/Dockerfile
@@ -11,8 +11,6 @@ ENV GOLANG_VERSION 1.8
 ENV GOLANG_SRC_URL https://golang.org/dl/go$GOLANG_VERSION.src.tar.gz
 ENV GOLANG_SRC_SHA256 406865f587b44be7092f206d73fc1de252600b79b3cacc587b74b5ef5c623596
 ENV PATH $GOPATH/bin:/usr/local/go/bin:$PATH
-# https://golang.org/issue/14851
-RUN echo -e "diff --git a/src/cmd/link/internal/ld/lib.go b/src/cmd/link/internal/ld/lib.go\nindex 14f4fa9..5599307 100644\n--- a/src/cmd/link/internal/ld/lib.go\n+++ b/src/cmd/link/internal/ld/lib.go\n@@ -1272,6 +1272,11 @@ func hostlink() {\n \t\targv = append(argv, peimporteddlls()...)\n \t}\n\n+\t// The Go linker does not currently support building PIE\n+\t// executables when using the external linker. See:\n+\t// https://github.com/golang/go/issues/6940\n+\targv = append(argv, \"-fno-PIC\")\n+\n \tif Debug['v'] != 0 {\n \t\tfmt.Fprintf(Bso, \"host link:\")\n \t\tfor _, v := range argv {" > /no-pic.patch
 # in one step (to prevent creating superfluous layers):
 # 1. fetch and install temporary build programs,
 # 2. fetch chisel from github (avoid ADD to reduce image size)
@@ -28,6 +26,9 @@ RUN set -ex \
 		openssl \
 		git \
 		go \
+		curl \
+	&& curl -s https://raw.githubusercontent.com/docker-library/golang/132cd70768e3bc269902e4c7b579203f66dc9f64/1.8/alpine/no-pic.patch -o /no-pic.patch \
+	&& cat /no-pic.patch \
 	&& export GOROOT_BOOTSTRAP="$(go env GOROOT)" \
 	&& wget -q "$GOLANG_SRC_URL" -O golang.tar.gz \
 	&& echo "$GOLANG_SRC_SHA256  golang.tar.gz" | sha256sum -c - \
diff --git a/README.md b/README.md
@@ -10,15 +10,13 @@ Chisel is a fast TCP tunnel, transported over HTTP, secured via SSH. Single exec
 
 **Binaries**
 
-[![Releases](https://img.shields.io/github/release/jpillora/chisel.svg)](https://github.com/jpillora/chisel/releases)  [![Releases](https://img.shields.io/github/downloads/jpillora/chisel/total.svg)](https://github.com/jpillora/chisel/releases)
+[![Releases](https://img.shields.io/github/release/jpillora/chisel.svg)](https://github.com/jpillora/chisel/releases) [![Releases](https://img.shields.io/github/downloads/jpillora/chisel/total.svg)](https://github.com/jpillora/chisel/releases)
 
 See [the latest release](https://github.com/jpillora/chisel/releases/latest) or download and install it now with `curl https://i.jpillora.com/chisel! | bash`
 
 **Docker**
 
-[![Docker Pulls](https://img.shields.io/docker/pulls/jpillora/chisel.svg)][dockerhub] [![Image Size](https://images.microbadger.com/badges/image/jpillora/chisel.svg)][dockerhub]
-
-[dockerhub]: https://hub.docker.com/r/jpillora/chisel/
+[![Docker Pulls](https://img.shields.io/docker/pulls/jpillora/chisel.svg)](https://hub.docker.com/r/jpillora/chisel/) [![Image Size](https://images.microbadger.com/badges/image/jpillora/chisel.svg)](https://microbadger.com/images/jpillora/chisel)
 
 ```sh
 docker run --rm -it jpillora/chisel --help
@@ -64,16 +62,16 @@ and then visit [localhost:3000](http://localhost:3000/), we should see a directo
 ```
 $ chisel --help
 
-	Usage: chisel [command] [--help]
+   Usage: chisel [command] [--help]
 
-	Version: 0.0.0-src
+   Version: 0.0.0-src
 
-	Commands:
-	  server - runs chisel in server mode
-	  client - runs chisel in client mode
+   Commands:
+     server - runs chisel in server mode
+     client - runs chisel in client mode
 
-	Read more:
-	  https://github.com/jpillora/chisel
+   Read more:
+     https://github.com/jpillora/chisel
 
 ```
 
diff --git a/main.go b/main.go
@@ -97,23 +97,25 @@ var serverHelp = `
     and private key pair. All commications will be secured using this
     key pair. Share the subsequent fingerprint with clients to enable detection
     of man-in-the-middle attacks (defaults to the CHISEL_KEY environment
-	variable, otherwise a new key is generate each run).
+    variable, otherwise a new key is generate each run).
 
     --auth, An optional string representing a single user with full
-	access, in the form of <user:pass>. This is equivalent to creating an
-	authfile with {"<user:pass>": [""]}.
+    access, in the form of <user:pass>. This is equivalent to creating an
+    authfile with {"<user:pass>": [""]}.
 
     --authfile, An optional path to a users.json file. This file should
     be an object with users defined like:
-      "<user:pass>": ["<addr-regex>","<addr-regex>"]
-      when <user> connects, their <pass> will be verified and then
-      each of the remote addresses will be compared against the list
-      of address regular expressions for a match. Addresses will
-      always come in the form "<host/ip>:<port>".
+      {
+        "<user:pass>": ["<addr-regex>","<addr-regex>"]
+      }
+    when <user> connects, their <pass> will be verified and then
+    each of the remote addresses will be compared against the list
+    of address regular expressions for a match. Addresses will
+    always come in the form "<host/ip>:<port>".
 
     --proxy, Specifies another HTTP server to proxy requests to when
-	chisel receives a normal HTTP request. Useful for hiding chisel in
-	plain sight.
+    chisel receives a normal HTTP request. Useful for hiding chisel in
+    plain sight.
 
     --socks5, Allows client to access the internal SOCKS5 proxy. See
     chisel client --help for more information.
@@ -201,7 +203,7 @@ var clientHelp = `
       socks
       5000:socks
 
-    *When the chisel server enables --socks5, remotes can
+    *When the chisel server has --socks5 enabled, remotes can
     specify "socks" in place of remote-host and remote-port.
     The default local host and port for a "socks" remote is
     127.0.0.1:1080. Connections to this remote will terminate
@@ -227,7 +229,7 @@ var clientHelp = `
 
     --proxy, An optional HTTP CONNECT proxy which will be used reach
     the chisel server. Authentication can be specified inside the URL.
-	For example, http://admin:password@my-server.com:8081
+    For example, http://admin:password@my-server.com:8081
 ` + commonHelp
 
 func client(args []string) {
diff --git a/server/server.go b/server/server.go
@@ -39,7 +39,7 @@ type Server struct {
 	sessions chshare.Users
 
 	fingerprint  string
-	wsCount      int
+	wsCount      int32
 	httpServer   *chshare.HTTPServer
 	reverseProxy *httputil.ReverseProxy
 	sshConfig    *ssh.ServerConfig
@@ -200,14 +200,18 @@ var upgrader = websocket.Upgrader{
 }
 
 func (s *Server) handleWS(w http.ResponseWriter, req *http.Request) {
+
+	id := atomic.AddInt32(&s.wsCount, 1)
+	clog := s.Fork("session#%d", id)
+
 	wsConn, err := upgrader.Upgrade(w, req, nil)
 	if err != nil {
-		s.Debugf("Failed to upgrade (%s)", err)
+		clog.Debugf("Failed to upgrade (%s)", err)
 		return
 	}
 	conn := chshare.NewWebSocketConn(wsConn)
 	// perform SSH handshake on net.Conn
-	s.Debugf("Handshaking...")
+	clog.Debugf("Handshaking...")
 	sshConn, chans, reqs, err := ssh.NewServerConn(conn, s.sshConfig)
 	if err != nil {
 		s.Debugf("Failed to handshake (%s)", err)
@@ -222,7 +226,7 @@ func (s *Server) handleWS(w http.ResponseWriter, req *http.Request) {
 	}
 
 	//verify configuration
-	s.Debugf("Verifying configuration")
+	clog.Debugf("Verifying configuration")
 
 	//wait for request, with timeout
 	var r *ssh.Request
@@ -250,7 +254,7 @@ func (s *Server) handleWS(w http.ResponseWriter, req *http.Request) {
 		if v == "" {
 			v = "<unknown>"
 		}
-		s.Infof("Client version (%s) differs from server version (%s)",
+		clog.Infof("Client version (%s) differs from server version (%s)",
 			v, chshare.BuildVersion)
 	}
 	//if user is provided, ensure they have
@@ -268,51 +272,48 @@ func (s *Server) handleWS(w http.ResponseWriter, req *http.Request) {
 	r.Reply(true, nil)
 
 	//prepare connection logger
-	s.wsCount++
-	id := s.wsCount
-	l := s.Fork("session#%d", id)
-	l.Debugf("Open")
-	go s.handleSSHRequests(l, reqs)
-	go s.handleSSHChannels(l, chans)
+	clog.Debugf("Open")
+	go s.handleSSHRequests(clog, reqs)
+	go s.handleSSHChannels(clog, chans)
 	sshConn.Wait()
-	l.Debugf("Close")
+	clog.Debugf("Close")
 }
 
-func (s *Server) handleSSHRequests(l *chshare.Logger, reqs <-chan *ssh.Request) {
+func (s *Server) handleSSHRequests(clientLog *chshare.Logger, reqs <-chan *ssh.Request) {
 	for r := range reqs {
 		switch r.Type {
 		case "ping":
 			r.Reply(true, nil)
 		default:
-			l.Debugf("Unknown request: %s", r.Type)
+			clientLog.Debugf("Unknown request: %s", r.Type)
 		}
 	}
 }
 
-func (s *Server) handleSSHChannels(l *chshare.Logger, chans <-chan ssh.NewChannel) {
+func (s *Server) handleSSHChannels(clientLog *chshare.Logger, chans <-chan ssh.NewChannel) {
 	var connCount int32
 	for ch := range chans {
 		remote := string(ch.ExtraData())
 		socks := remote == "socks"
 		//dont accept socks when --socks5 isn't enabled
 		if socks && s.socksServer == nil {
-			l.Debugf("Denied socks request, please enable --socks5")
+			clientLog.Debugf("Denied socks request, please enable --socks5")
 			ch.Reject(ssh.Prohibited, "SOCKS5 is not enabled on the server")
 			continue
 		}
 		//accept rest
 		stream, reqs, err := ch.Accept()
 		if err != nil {
-			l.Debugf("Failed to accept stream: %s", err)
+			clientLog.Debugf("Failed to accept stream: %s", err)
 			continue
 		}
 		go ssh.DiscardRequests(reqs)
 		//handle stream type
 		connID := atomic.AddInt32(&connCount, 1)
 		if socks {
-			go s.handleSocksStream(l.Fork("socks#%d", connID), stream)
+			go s.handleSocksStream(clientLog.Fork("socks#%d", connID), stream)
 		} else {
-			go s.handleTCPStream(l.Fork("tcp#%d", connID), stream, remote)
+			go s.handleTCPStream(clientLog.Fork("tcp#%d", connID), stream, remote)
 		}
 	}
 }
