// Accepts an incoming tunneling request from a remote, initializes and stores // the new tunnel into the connection state. func (c *Connection) buildTunnel(remote uint64, id uint64, key []byte, addrs []string, timeout time.Duration) (*Tunnel, error) { deadline := time.Now().Add(timeout) // Create the local tunnel endpoint c.tunLock.Lock() tunId := c.tunIdx tun := &Tunnel{ id: tunId, owner: c, term: make(chan struct{}), } c.tunIdx++ c.tunLive[tunId] = tun c.tunLock.Unlock() // Dial the remote tunnel listener var err error var strm *stream.Stream for _, addr := range addrs { strm, err = stream.Dial(addr, timeout) if err == nil { break } } // If no error occurred, initialize the client endpoint if err == nil { var conn *link.Link conn, err = c.initClientTunnel(strm, remote, id, key, deadline) if err != nil { if err := strm.Close(); err != nil { log.Printf("iris: failed to close uninitialized client tunnel stream: %v.", err) } } else { // Make sure the tunnel wasn't terminated since (init/close race) tun.lock.Lock() select { case <-tun.term: conn.Close() err = ErrTerminating default: tun.conn = conn } tun.lock.Unlock() } } // Tunneling failed, clean up and report error if err != nil { c.tunLock.Lock() delete(c.tunLive, tunId) c.tunLock.Unlock() return nil, err } return tun, nil }
// Server side of the STS session negotiation. func (l *Listener) serverHandle(strm *stream.Stream, timeout time.Duration) { // Make sure the authentication is synced with the sink defer l.pendWait.Done() // Set an overall time limit for the handshake to complete strm.Sock().SetDeadline(time.Now().Add(config.SessionShakeTimeout)) defer strm.Sock().SetDeadline(time.Time{}) // Fetch the session request and multiplex on the contents req := new(initRequest) if err := strm.Recv(req); err != nil { log.Printf("session: failed to retrieve initiation request: %v", err) if err = strm.Close(); err != nil { log.Printf("session: failed to close uninitialized stream: %v.", err) } return } switch { case req.Auth != nil: // Authenticate and clean up if unsuccessful secret, err := l.serverAuth(strm, req.Auth) if err != nil { log.Printf("session: failed to authenticate remote stream: %v.", err) if err = strm.Close(); err != nil { log.Printf("session: failed to close unauthenticated stream: %v.", err) } return } // Create the session and link a data channel to it sess := newSession(strm, secret, true) if err = l.serverLink(sess); err != nil { log.Printf("session: failed to retrieve data link: %v.", err) if err = strm.Close(); err != nil { log.Printf("session: failed to close unlinked stream: %v.", err) } return } // Session setup complete, send upstream select { case l.Sink <- sess: // Ok case <-time.After(timeout): log.Printf("session: established session not handled in %v, dropping.", timeout) if err = sess.Close(); err != nil { log.Printf("session: failed to close established session: %v.", err) } } case req.Link != nil: // Extract the temporary session id and link this stream to it l.pendLock.Lock() res, ok := l.pends[req.Link.Id] l.pendLock.Unlock() if ok { select { case res <- strm: // Ok, link succeeded default: log.Printf("session: established data stream not handled.") if err := strm.Close(); err != nil { log.Printf("session: failed to close established data stream: %v.", err) } } } } }