From dcb06497ad76635bddd52aa9cd135e1efb7afb2a Mon Sep 17 00:00:00 2001
From: Anders Pitman <tapitman11@gmail.com>
Date: Thu, 24 Feb 2022 14:33:13 -0700
Subject: [PATCH] Implement overriding SSH server per tunnel

This lets you use a proxy for connecting to the SSH server, which
is useful on networks that block SSH/port 22. For example you can
use the boringproxy tuntls command to create a proxy that will
tunnel the client's SSH connections over TLS to the server.

It's all very meta and forces at least double encryption, but it
could be useful.
---
 api.go                     | 18 ++++++++++++++++++
 client.go                  |  1 +
 templates/edit_tunnel.tmpl |  9 +++++++++
 tunnel_manager.go          |  2 --
 4 files changed, 28 insertions(+), 2 deletions(-)

diff --git a/api.go b/api.go
index 8899370..c622527 100644
--- a/api.go
+++ b/api.go
@@ -378,6 +378,22 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err
 		return nil, errors.New("Invalid tls-termination parameter")
 	}
 
+	sshServerAddr := a.db.GetAdminDomain()
+	sshServerAddrParam := params.Get("ssh-server-addr")
+	if sshServerAddrParam != "" {
+		sshServerAddr = sshServerAddrParam
+	}
+
+	sshServerPort := a.config.SshServerPort
+	sshServerPortParam := params.Get("ssh-server-port")
+	if sshServerPortParam != "" {
+		var err error
+		sshServerPort, err = strconv.Atoi(sshServerPortParam)
+		if err != nil {
+			return nil, errors.New("Invalid ssh-server-port parameter")
+		}
+	}
+
 	request := Tunnel{
 		Domain:           domain,
 		Owner:            owner,
@@ -389,6 +405,8 @@ func (a *Api) CreateTunnel(tokenData TokenData, params url.Values) (*Tunnel, err
 		AuthUsername:     username,
 		AuthPassword:     password,
 		TlsTermination:   tlsTerm,
+		ServerAddress:    sshServerAddr,
+		ServerPort:       sshServerPort,
 	}
 
 	tunnel, err := a.tunMan.RequestCreateTunnel(request)
diff --git a/client.go b/client.go
index 9cf2d45..dcdccb9 100644
--- a/client.go
+++ b/client.go
@@ -276,6 +276,7 @@ func (c *Client) BoreTunnel(ctx context.Context, tunnel Tunnel) error {
 	}
 
 	sshHost := fmt.Sprintf("%s:%d", tunnel.ServerAddress, tunnel.ServerPort)
+	fmt.Println(sshHost)
 	client, err := ssh.Dial("tcp", sshHost, config)
 	if err != nil {
 		return errors.New(fmt.Sprintf("Failed to dial: ", err))
diff --git a/templates/edit_tunnel.tmpl b/templates/edit_tunnel.tmpl
index 81a4adc..94366f2 100644
--- a/templates/edit_tunnel.tmpl
+++ b/templates/edit_tunnel.tmpl
@@ -59,6 +59,15 @@
        </div>
      </div>
 
+     <div class='input'>
+       <label for="ssh-server-addr">Override SSH Server Address:</label>
+       <input type="text" id="ssh-server-addr" name="ssh-server-addr">
+     </div>
+     <div class='input'>
+       <label for="ssh-server-port">Override SSH Server Port:</label>
+       <input type="text" id="ssh-server-port" name="ssh-server-port">
+     </div>
+
      <button class='button' type="submit">Submit</button>
 
   </form>
diff --git a/tunnel_manager.go b/tunnel_manager.go
index 7f994b1..0092a79 100644
--- a/tunnel_manager.go
+++ b/tunnel_manager.go
@@ -98,8 +98,6 @@ func (m *TunnelManager) RequestCreateTunnel(tunReq Tunnel) (Tunnel, error) {
 		return Tunnel{}, err
 	}
 
-	tunReq.ServerAddress = m.db.GetAdminDomain()
-	tunReq.ServerPort = m.config.SshServerPort
 	tunReq.ServerPublicKey = ""
 	tunReq.Username = m.user.Username
 	tunReq.TunnelPrivateKey = privKey