mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-28 18:06:34 +02:00
whoami and logout commands proof of concept
This commit is contained in:
Kenneth Jenkins
parent
109d42257d
commit
66d6ec73b4
1 changed files with 74 additions and 22 deletions
|
|
@ -228,7 +228,7 @@ func (a *Authorize) ManageStream(
|
|||
Name: "Sign in with " + idp.GetType(),
|
||||
Instruction: deviceAuthResp.VerificationURIComplete,
|
||||
Prompts: []*extensions_ssh.KeyboardInteractiveInfoPrompts_Prompt{
|
||||
{},
|
||||
//{}, // XXX: proof of concept (no prompt)
|
||||
},
|
||||
}
|
||||
|
||||
|
|
@ -281,6 +281,12 @@ func (a *Authorize) ManageStream(
|
|||
fmt.Println(respInfo.Responses)
|
||||
}
|
||||
}
|
||||
|
||||
// XXX: proof of concept -- busy wait for login to complete
|
||||
for sessionState.Load() == nil {
|
||||
time.Sleep(time.Second)
|
||||
}
|
||||
|
||||
if sessionState.Load() != nil {
|
||||
state.MethodsAuthenticated = append(state.MethodsAuthenticated, "keyboard-interactive")
|
||||
} else {
|
||||
|
|
@ -610,7 +616,10 @@ func (a *Authorize) ServeChannel(
|
|||
var downstreamChannelInfo *extensions_ssh.SSHDownstreamChannelInfo
|
||||
var downstreamPtyInfo *extensions_ssh.SSHDownstreamPTYInfo
|
||||
|
||||
handedOff := false
|
||||
|
||||
handoff := func() error {
|
||||
handedOff = true
|
||||
handOff, _ := anypb.New(&extensions_ssh.SSHChannelControlAction{
|
||||
Action: &extensions_ssh.SSHChannelControlAction_HandOff{
|
||||
HandOff: &extensions_ssh.SSHChannelControlAction_HandOffUpstream{
|
||||
|
|
@ -643,6 +652,9 @@ func (a *Authorize) ServeChannel(
|
|||
}
|
||||
return err
|
||||
}
|
||||
if handedOff {
|
||||
continue
|
||||
}
|
||||
rawMsg := channelMsg.GetRawBytes().GetValue()
|
||||
fmt.Printf(" *** channelMsg: %x\n", rawMsg)
|
||||
switch rawMsg[0] {
|
||||
|
|
@ -682,10 +694,35 @@ func (a *Authorize) ServeChannel(
|
|||
switch msg.Request {
|
||||
case "env":
|
||||
// ignore for now
|
||||
case "pty-req":
|
||||
req := parsePtyReq(msg.RequestSpecificData)
|
||||
downstreamPtyInfo = &extensions_ssh.SSHDownstreamPTYInfo{
|
||||
TermEnv: req.TermEnv,
|
||||
WidthColumns: req.Width,
|
||||
HeightRows: req.Height,
|
||||
WidthPx: req.WidthPx,
|
||||
HeightPx: req.HeightPx,
|
||||
Modes: req.Modes,
|
||||
}
|
||||
if err := server.Send(&extensions_ssh.ChannelMessage{
|
||||
Message: &extensions_ssh.ChannelMessage_RawBytes{
|
||||
RawBytes: &wrapperspb.BytesValue{
|
||||
Value: gossh.Marshal(channelRequestSuccessMsg{
|
||||
PeersID: peerId,
|
||||
}),
|
||||
},
|
||||
},
|
||||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
if err := handoff(); err != nil {
|
||||
return err
|
||||
}
|
||||
case "subsystem":
|
||||
subsystem := parseString(msg.RequestSpecificData)
|
||||
command, isInternal := strings.CutPrefix(subsystem, "pomerium")
|
||||
if isInternal {
|
||||
command = strings.TrimSpace(command)
|
||||
if err := server.Send(&extensions_ssh.ChannelMessage{
|
||||
Message: &extensions_ssh.ChannelMessage_RawBytes{
|
||||
RawBytes: &wrapperspb.BytesValue{
|
||||
|
|
@ -698,7 +735,8 @@ func (a *Authorize) ServeChannel(
|
|||
return err
|
||||
}
|
||||
return a.serveInternalCommand(server, peerId, command)
|
||||
} else if err := handoff(); err != nil {
|
||||
}
|
||||
if err := handoff(); err != nil {
|
||||
return err
|
||||
}
|
||||
default:
|
||||
|
|
@ -915,11 +953,19 @@ func (a *Authorize) serveInternalCommand(
|
|||
sessionID = h[0]
|
||||
}
|
||||
|
||||
switch command {
|
||||
case "whoami":
|
||||
fmt.Println(" *** who am I ? ***")
|
||||
client := a.state.Load().dataBrokerClient
|
||||
var output string
|
||||
|
||||
switch command {
|
||||
case "logout":
|
||||
client := a.state.Load().dataBrokerClient
|
||||
err := session.Delete(server.Context(), client, sessionID)
|
||||
if err != nil {
|
||||
output = fmt.Sprint("internal error: ", err.Error())
|
||||
} else {
|
||||
output = "logged out\n"
|
||||
}
|
||||
case "whoami":
|
||||
client := a.state.Load().dataBrokerClient
|
||||
s, err := session.Get(server.Context(), client, sessionID)
|
||||
if err != nil {
|
||||
output = fmt.Sprint("couldn't fetch session: ", err.Error())
|
||||
|
|
@ -928,8 +974,13 @@ func (a *Authorize) serveInternalCommand(
|
|||
whoamiTmpl.Execute(&b, s)
|
||||
output = b.String()
|
||||
}
|
||||
default:
|
||||
output = `available commands:
|
||||
logout - ends the current Pomerium session
|
||||
whoami - returns information about the current Pomerium session
|
||||
`
|
||||
}
|
||||
|
||||
// TODO
|
||||
if err := server.Send(&extensions_ssh.ChannelMessage{
|
||||
Message: &extensions_ssh.ChannelMessage_RawBytes{
|
||||
RawBytes: &wrapperspb.BytesValue{
|
||||
|
|
@ -943,7 +994,8 @@ func (a *Authorize) serveInternalCommand(
|
|||
}); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
time.Sleep(time.Second) // XXX
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue