Add version string setting closes #202, add e2e tests for generating via link command

Author: NHAS

cmd/client/main.go

@@ -46,6 +46,8 @@ var (
 	logLevel        string
 
 	ntlmProxyCreds string
+
+	versionString string
 )
 
 func printHelp() {
@@ -58,18 +60,21 @@ func printHelp() {
 	fmt.Println("\t\t--process_name\tProcess name shown in tasklist/process list")
 	fmt.Println("\t\t--sni\tWhen using TLS set the clients requested SNI to this value")
 	fmt.Println("\t\t--log-level\tChange logging output levels, [INFO,WARNING,ERROR,FATAL,DISABLED]")
+	fmt.Println("\t\t--version-string\tSSH version string to use, i.e SSH-VERSION, defaults to internal.Version-runtime.GOOS_runtime.GOARCH")
 	if runtime.GOOS == "windows" {
 		fmt.Println("\t\t--host-kerberos\tUse kerberos authentication on proxy server (if proxy server specified)")
 	}
 }
 
 func makeInitialSettings() (*client.Settings, error) {
+	// set the initial settings from the embedded values first
 	settings := &client.Settings{
 		Fingerprint:          fingerprint,
 		ProxyAddr:            proxy,
 		Addr:                 destination,
 		ProxyUseHostKerberos: useHostKerberos == "true",
 		SNI:                  customSNI,
+		VersionString:        versionString,
 	}
 
 	if ntlmProxyCreds != "" {
@@ -143,6 +148,11 @@ func main() {
 		settings.ProxyUseHostKerberos = true
 	}
 
+	versionString, err := line.GetArgString("version-string")
+	if err == nil {
+		settings.VersionString = versionString
+	}
+
 	tempDestination, err := line.GetArgString("d")
 	if err != nil {
 		tempDestination, _ = line.GetArgString("destination")

e2e/link_tests.go

@@ -1,6 +1,8 @@
 package main
 
 import (
+	"bytes"
+	"io"
 	"log"
 	"net/http"
 )
@@ -14,6 +16,8 @@ func linkTests() {
 	conditionExec("link --goos windows --name windowsbin", "windowsbin", 0, "", 0)
 	conditionExec("link --goos windows --shared-object --name windowsdll", "windowsdll", 0, "", 0)
 
+	conditionExec("link --name versionbin --version-string nootnootnootnoot1", "", 0, "", 0)
+
 	resp, err := http.Get("http://" + listenAddr + "/linuxbin")
 	if err != nil {
 		log.Fatal("failed to fetch linuxbin: ", err)
@@ -32,6 +36,25 @@ func linkTests() {
 		log.Fatal("should have returned 200 for created windowsdll, instead got: ", resp.Status)
 	}
 
+	resp, err = http.Get("http://" + listenAddr + "/versionbin")
+	if err != nil {
+		log.Fatal("failed to fetch versionstring binary: ", err)
+	}
+	if resp.StatusCode != 200 {
+		log.Fatal("should have returned 200 for created versionstring , instead got: ", resp.Status)
+	}
+
+	wholeBinary, err := io.ReadAll(resp.Body)
+	if err != nil {
+		log.Fatal("failed to read binary: ", err)
+	}
+
+	if !bytes.Contains(wholeBinary, []byte("nootnootnootnoot1")) {
+		log.Fatal("the version string was not set within the binary")
+	}
+
+	resp.Body.Close()
+
 	log.Println("Ending link tests")
 
 }

internal/client/client.go

@@ -308,6 +308,8 @@ type Settings struct {
 
 	ProxyUseHostKerberos bool
 
+	VersionString string
+
 	ntlm *ntlmssp.Client
 }
 
@@ -380,6 +382,10 @@ func Run(settings *Settings) {
 		ClientVersion: "SSH-" + internal.Version + "-" + runtime.GOOS + "_" + runtime.GOARCH,
 	}
 
+	if settings.VersionString != "" {
+		config.ClientVersion = "SSH-" + settings.VersionString
+	}
+
 	realAddr, scheme := determineConnectionType(settings.Addr)
 
 	// fetch the environment variables, but the first proxy is done from the supplied proxyAddr arg

internal/server/commands/link.go

@@ -54,6 +54,7 @@ func (l *link) ValidArgs() map[string]string {
 		"use-kerberos":      "Instruct client to try and use kerberos ticket when using a proxy",
 		"log-level":         "Set default output logging levels, [INFO,WARNING,ERROR,FATAL,DISABLED]",
 		"ntlm-proxy-creds":  "Set NTLM proxy credentials in format DOMAIN\\USER:PASS",
+		"version-string":    "Set the SSH version string the client uses, will always be prefixed with SSH-",
 	}
 
 	// Add duplicate flags for owners
@@ -186,6 +187,11 @@ func (l *link) Run(user *users.User, tty io.ReadWriter, line terminal.ParsedLine
 		return err
 	}
 
+	buildConfig.VersionString, err = line.GetArgString("version-string")
+	if err != nil && err != terminal.ErrFlagNotSet {
+		return err
+	}
+
 	buildConfig.Comment, err = line.GetArgString("C")
 	if err != nil && err != terminal.ErrFlagNotSet {
 		return err

internal/server/webserver/buildmanager.go

@@ -50,6 +50,8 @@ type BuildConfig struct {
 	WorkingDirectory string
 
 	NTLMProxyCreds string
+
+	VersionString string
 }
 
 func Build(config BuildConfig) (string, error) {
@@ -169,7 +171,7 @@ func Build(config BuildConfig) (string, error) {
 		return "", err
 	}
 
-	buildArguments = append(buildArguments, fmt.Sprintf("-ldflags=-s -w -X main.logLevel=%s -X main.destination=%s -X main.fingerprint=%s -X main.proxy=%s -X main.customSNI=%s -X main.useHostKerberos=%t -X main.ntlmProxyCreds=%s -X github.com/NHAS/reverse_ssh/internal.Version=%s", config.LogLevel, config.ConnectBackAdress, config.Fingerprint, config.Proxy, config.SNI, config.UseKerberosAuth, config.NTLMProxyCreds, strings.TrimSpace(f.Version)))
+	buildArguments = append(buildArguments, fmt.Sprintf("-ldflags=-s -w -X main.logLevel=%s -X main.destination=%s -X main.fingerprint=%s -X main.proxy=%s -X main.customSNI=%s -X main.useHostKerberos=%t -X main.ntlmProxyCreds=%s -X main.versionString=%s -X github.com/NHAS/reverse_ssh/internal.Version=%s", config.LogLevel, config.ConnectBackAdress, config.Fingerprint, config.Proxy, config.SNI, config.UseKerberosAuth, config.NTLMProxyCreds, strings.TrimSpace(config.VersionString), strings.TrimSpace(f.Version)))
 	buildArguments = append(buildArguments, "-o", f.FilePath, filepath.Join(projectRoot, "/cmd/client"))
 
 	cmd := exec.Command(buildTool, buildArguments...)