3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-07-30 15:00:51 +02:00
Code Issues Projects Releases Packages Wiki Activity

fixes for mirror mode

Browse source
This commit is contained in:
Joe Kralicky 2025-04-01 21:49:43 +00:00
parent 619f82e15e
commit f9950856cd
No known key found for this signature in database
GPG key ID: 75C4875F34A9FB79
1 changed files with 9 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

16
authorize/ssh_grpc.go
View file

@ -585,7 +585,8 @@ func handleEvaluatorResponseForSSH(
Username: state.Username, Username: state.Username,
Target: &extensions_ssh.AllowResponse_Upstream{ Target: &extensions_ssh.AllowResponse_Upstream{
Upstream: &extensions_ssh.UpstreamTarget{ Upstream: &extensions_ssh.UpstreamTarget{
Hostname: state.Hostname, Hostname: state.Hostname,
AllowMirrorConnections: true,
AllowedMethods: []*extensions_ssh.AllowedMethod{ AllowedMethods: []*extensions_ssh.AllowedMethod{
{ {
Method: "publickey", Method: "publickey",
@ -1008,11 +1009,12 @@ func (a *Authorize) ServeChannel(
defer outputW.Close() defer outputW.Close()
defer inputR.Close() defer inputR.Close()
err := cmd.Execute() err := cmd.Execute()
if !errors.Is(err, ErrHandoff) { if err != nil && !errors.Is(err, ErrHandoff) {
sendC <- &extensions_ssh.ChannelControl{ sendC <- &extensions_ssh.ChannelControl{
Protocol: "ssh", Protocol: "ssh",
ControlAction: marshalAny(&extensions_ssh.SSHChannelControlAction_Disconnect{ ControlAction: marshalAny(&extensions_ssh.SSHChannelControlAction_Disconnect{
ReasonCode: 11, ReasonCode: 11,
Description: err.Error(),
}), }),
} }
} }
@ -1123,10 +1125,8 @@ func (a *Authorize) NewSSHCLI(
_, cmdIsInteractive := cmd.Annotations["interactive"] _, cmdIsInteractive := cmd.Annotations["interactive"]
switch { switch {
case (ptyInfo == nil) && cmdIsInteractive: case (ptyInfo == nil) && cmdIsInteractive:
cmd.SilenceUsage = true
return fmt.Errorf("\x1b[31m'%s' is an interactive command and requires a TTY (try passing '-t' to ssh)\x1b[0m", cmd.Use) return fmt.Errorf("\x1b[31m'%s' is an interactive command and requires a TTY (try passing '-t' to ssh)\x1b[0m", cmd.Use)
case (ptyInfo != nil) && !cmdIsInteractive: case (ptyInfo != nil) && !cmdIsInteractive:
cmd.SilenceUsage = true
return fmt.Errorf("\x1b[31m'%s' is not an interactive command (try passing '-T' to ssh, or removing '-t')\x1b[0m\r", cmd.Use) return fmt.Errorf("\x1b[31m'%s' is not an interactive command (try passing '-T' to ssh, or removing '-t')\x1b[0m\r", cmd.Use)
} }
return nil return nil
@ -1140,6 +1140,8 @@ func (a *Authorize) NewSSHCLI(
cmd.SetIn(stdin) cmd.SetIn(stdin)
cmd.SetOut(stdout) cmd.SetOut(stdout)
cmd.SetErr(stdout) cmd.SetErr(stdout)
cmd.SilenceUsage = true
cmd.SilenceErrors = true
return cmd return cmd
} }
@ -1219,7 +1221,7 @@ func (a *Authorize) NewPortalCommand(
for _, route := range routes { for _, route := range routes {
items = append(items, item(route)) items = append(items, item(route))
} }
a.activeStreams.Range(func(id uint64, state *StreamState) { a.activeStreams.Range(func(id uint64, _ *StreamState) {
if id != state.StreamID { if id != state.StreamID {
items = append(items, item(fmt.Sprintf("[demo] mirror session: %v", id))) items = append(items, item(fmt.Sprintf("[demo] mirror session: %v", id)))
} }
@ -1265,7 +1267,7 @@ func (a *Authorize) NewPortalCommand(
Target: &extensions_ssh.AllowResponse_MirrorSession{ Target: &extensions_ssh.AllowResponse_MirrorSession{
MirrorSession: &extensions_ssh.MirrorSessionTarget{ MirrorSession: &extensions_ssh.MirrorSessionTarget{
SourceId: id, SourceId: id,
Mode: extensions_ssh.MirrorSessionTarget_ReadWrite, Mode: extensions_ssh.MirrorSessionTarget_ReadOnly,
}, },
}, },
}, },