whoami and logout commands proof of concept
This commit is contained in:
parent
109d42257d
commit
66d6ec73b4
1 changed files with 74 additions and 22 deletions
|
@ -228,7 +228,7 @@ func (a *Authorize) ManageStream(
|
||||||
Name: "Sign in with " + idp.GetType(),
|
Name: "Sign in with " + idp.GetType(),
|
||||||
Instruction: deviceAuthResp.VerificationURIComplete,
|
Instruction: deviceAuthResp.VerificationURIComplete,
|
||||||
Prompts: []*extensions_ssh.KeyboardInteractiveInfoPrompts_Prompt{
|
Prompts: []*extensions_ssh.KeyboardInteractiveInfoPrompts_Prompt{
|
||||||
{},
|
//{}, // XXX: proof of concept (no prompt)
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -281,6 +281,12 @@ func (a *Authorize) ManageStream(
|
||||||
fmt.Println(respInfo.Responses)
|
fmt.Println(respInfo.Responses)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// XXX: proof of concept -- busy wait for login to complete
|
||||||
|
for sessionState.Load() == nil {
|
||||||
|
time.Sleep(time.Second)
|
||||||
|
}
|
||||||
|
|
||||||
if sessionState.Load() != nil {
|
if sessionState.Load() != nil {
|
||||||
state.MethodsAuthenticated = append(state.MethodsAuthenticated, "keyboard-interactive")
|
state.MethodsAuthenticated = append(state.MethodsAuthenticated, "keyboard-interactive")
|
||||||
} else {
|
} else {
|
||||||
|
@ -610,7 +616,10 @@ func (a *Authorize) ServeChannel(
|
||||||
var downstreamChannelInfo *extensions_ssh.SSHDownstreamChannelInfo
|
var downstreamChannelInfo *extensions_ssh.SSHDownstreamChannelInfo
|
||||||
var downstreamPtyInfo *extensions_ssh.SSHDownstreamPTYInfo
|
var downstreamPtyInfo *extensions_ssh.SSHDownstreamPTYInfo
|
||||||
|
|
||||||
|
handedOff := false
|
||||||
|
|
||||||
handoff := func() error {
|
handoff := func() error {
|
||||||
|
handedOff = true
|
||||||
handOff, _ := anypb.New(&extensions_ssh.SSHChannelControlAction{
|
handOff, _ := anypb.New(&extensions_ssh.SSHChannelControlAction{
|
||||||
Action: &extensions_ssh.SSHChannelControlAction_HandOff{
|
Action: &extensions_ssh.SSHChannelControlAction_HandOff{
|
||||||
HandOff: &extensions_ssh.SSHChannelControlAction_HandOffUpstream{
|
HandOff: &extensions_ssh.SSHChannelControlAction_HandOffUpstream{
|
||||||
|
@ -643,6 +652,9 @@ func (a *Authorize) ServeChannel(
|
||||||
}
|
}
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
if handedOff {
|
||||||
|
continue
|
||||||
|
}
|
||||||
rawMsg := channelMsg.GetRawBytes().GetValue()
|
rawMsg := channelMsg.GetRawBytes().GetValue()
|
||||||
fmt.Printf(" *** channelMsg: %x\n", rawMsg)
|
fmt.Printf(" *** channelMsg: %x\n", rawMsg)
|
||||||
switch rawMsg[0] {
|
switch rawMsg[0] {
|
||||||
|
@ -682,10 +694,35 @@ func (a *Authorize) ServeChannel(
|
||||||
switch msg.Request {
|
switch msg.Request {
|
||||||
case "env":
|
case "env":
|
||||||
// ignore for now
|
// ignore for now
|
||||||
|
case "pty-req":
|
||||||
|
req := parsePtyReq(msg.RequestSpecificData)
|
||||||
|
downstreamPtyInfo = &extensions_ssh.SSHDownstreamPTYInfo{
|
||||||
|
TermEnv: req.TermEnv,
|
||||||
|
WidthColumns: req.Width,
|
||||||
|
HeightRows: req.Height,
|
||||||
|
WidthPx: req.WidthPx,
|
||||||
|
HeightPx: req.HeightPx,
|
||||||
|
Modes: req.Modes,
|
||||||
|
}
|
||||||
|
if err := server.Send(&extensions_ssh.ChannelMessage{
|
||||||
|
Message: &extensions_ssh.ChannelMessage_RawBytes{
|
||||||
|
RawBytes: &wrapperspb.BytesValue{
|
||||||
|
Value: gossh.Marshal(channelRequestSuccessMsg{
|
||||||
|
PeersID: peerId,
|
||||||
|
}),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := handoff(); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
case "subsystem":
|
case "subsystem":
|
||||||
subsystem := parseString(msg.RequestSpecificData)
|
subsystem := parseString(msg.RequestSpecificData)
|
||||||
command, isInternal := strings.CutPrefix(subsystem, "pomerium ")
|
command, isInternal := strings.CutPrefix(subsystem, "pomerium")
|
||||||
if isInternal {
|
if isInternal {
|
||||||
|
command = strings.TrimSpace(command)
|
||||||
if err := server.Send(&extensions_ssh.ChannelMessage{
|
if err := server.Send(&extensions_ssh.ChannelMessage{
|
||||||
Message: &extensions_ssh.ChannelMessage_RawBytes{
|
Message: &extensions_ssh.ChannelMessage_RawBytes{
|
||||||
RawBytes: &wrapperspb.BytesValue{
|
RawBytes: &wrapperspb.BytesValue{
|
||||||
|
@ -698,7 +735,8 @@ func (a *Authorize) ServeChannel(
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
return a.serveInternalCommand(server, peerId, command)
|
return a.serveInternalCommand(server, peerId, command)
|
||||||
} else if err := handoff(); err != nil {
|
}
|
||||||
|
if err := handoff(); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
default:
|
default:
|
||||||
|
@ -915,11 +953,19 @@ func (a *Authorize) serveInternalCommand(
|
||||||
sessionID = h[0]
|
sessionID = h[0]
|
||||||
}
|
}
|
||||||
|
|
||||||
switch command {
|
|
||||||
case "whoami":
|
|
||||||
fmt.Println(" *** who am I ? ***")
|
|
||||||
client := a.state.Load().dataBrokerClient
|
|
||||||
var output string
|
var output string
|
||||||
|
|
||||||
|
switch command {
|
||||||
|
case "logout":
|
||||||
|
client := a.state.Load().dataBrokerClient
|
||||||
|
err := session.Delete(server.Context(), client, sessionID)
|
||||||
|
if err != nil {
|
||||||
|
output = fmt.Sprint("internal error: ", err.Error())
|
||||||
|
} else {
|
||||||
|
output = "logged out\n"
|
||||||
|
}
|
||||||
|
case "whoami":
|
||||||
|
client := a.state.Load().dataBrokerClient
|
||||||
s, err := session.Get(server.Context(), client, sessionID)
|
s, err := session.Get(server.Context(), client, sessionID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
output = fmt.Sprint("couldn't fetch session: ", err.Error())
|
output = fmt.Sprint("couldn't fetch session: ", err.Error())
|
||||||
|
@ -928,8 +974,13 @@ func (a *Authorize) serveInternalCommand(
|
||||||
whoamiTmpl.Execute(&b, s)
|
whoamiTmpl.Execute(&b, s)
|
||||||
output = b.String()
|
output = b.String()
|
||||||
}
|
}
|
||||||
|
default:
|
||||||
|
output = `available commands:
|
||||||
|
logout - ends the current Pomerium session
|
||||||
|
whoami - returns information about the current Pomerium session
|
||||||
|
`
|
||||||
|
}
|
||||||
|
|
||||||
// TODO
|
|
||||||
if err := server.Send(&extensions_ssh.ChannelMessage{
|
if err := server.Send(&extensions_ssh.ChannelMessage{
|
||||||
Message: &extensions_ssh.ChannelMessage_RawBytes{
|
Message: &extensions_ssh.ChannelMessage_RawBytes{
|
||||||
RawBytes: &wrapperspb.BytesValue{
|
RawBytes: &wrapperspb.BytesValue{
|
||||||
|
@ -943,7 +994,8 @@ func (a *Authorize) serveInternalCommand(
|
||||||
}); err != nil {
|
}); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
time.Sleep(time.Second) // XXX
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
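Review bot: The login wait added in the `@@ -281` hunk (`for sessionState.Load() == nil { time.Sleep(time.Second) }`) has no deadline and never checks the stream's context, so a client that starts the device-code flow and then walks away pins this goroutine and its stream for as long as the connection is held open, and because the loop only exits once a session exists the following `else` branch of `if sessionState.Load() != nil` can no longer be reached. The loop should select on the stream context and on a bound tied to the device-code lifetime (the grant expires upstream anyway), returning an error when either fires; the stream/context variable name is not visible in this hunk, and ManageStream itself begins and ends outside it. Separately, the new `logout` branch in serveInternalCommand echoes the databroker failure verbatim to the remote SSH client via `output = fmt.Sprint("internal error: ", err.Error())`; log it server-side and return a fixed message such as `output = "logout failed\n"` so backend details are not disclosed to an unauthenticated peer. The trailing `time.Sleep(time.Second) // XXX` in the same function and the widened `strings.CutPrefix(subsystem, "pomerium")` (which now treats any subsystem name starting with `pomerium` as an internal command) look like proof-of-concept leftovers worth a TODO before this merges.
```go
// … unchanged: keyboard-interactive response handling …
// Bound the wait: device-code grants expire, and a client that never
// finishes login must not keep this stream alive indefinitely.
loginDeadline := time.After(deviceAuthTimeout) // e.g. derived from deviceAuthResp.ExpiresIn
for sessionState.Load() == nil {
	select {
	case <-ctx.Done(): // the stream's context; exact name not visible in the hunk
		return ctx.Err()
	case <-loginDeadline:
		return fmt.Errorf("device login not completed before deadline")
	case <-time.After(time.Second):
	}
}
// … unchanged: MethodsAuthenticated bookkeeping …
```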