Compare commits
No commits in common. "2817417eca8a36c0d13012b57013b7ebea9e14e5" and "4590fdadbe6625c26149ecbda00187fdb7845b68" have entirely different histories.
2817417eca
...
4590fdadbe
21
auth.go
21
auth.go
@ -1,24 +1,3 @@
|
|||||||
/*
|
|
||||||
* Seashell - SSH server with virtual hosts and username-based routing
|
|
||||||
*
|
|
||||||
* Copyright (C) 2024 Elara6331 <elara@elara.ws>
|
|
||||||
*
|
|
||||||
* This file is part of Seashell.
|
|
||||||
*
|
|
||||||
* Seashell is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU Affero General Public License as
|
|
||||||
* published by the Free Software Foundation, either version 3 of the
|
|
||||||
* License, or (at your option) any later version.
|
|
||||||
*
|
|
||||||
* Seashell is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU Affero General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU Affero General Public License
|
|
||||||
* along with Seashell. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
|||||||
@ -150,7 +150,7 @@ func Nomad(route config.Route) router.Handler {
|
|||||||
return errors.New("task group not found")
|
return errors.New("task group not found")
|
||||||
}
|
}
|
||||||
|
|
||||||
taskName := args[2]
|
var taskName = args[2]
|
||||||
if taskName == "" {
|
if taskName == "" {
|
||||||
taskName = group.Tasks[0].Name
|
taskName = group.Tasks[0].Name
|
||||||
}
|
}
|
||||||
@ -189,7 +189,7 @@ func Nomad(route config.Route) router.Handler {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
taskName := args[3]
|
var taskName = args[3]
|
||||||
if taskName == "" {
|
if taskName == "" {
|
||||||
taskName = group.Tasks[0].Name
|
taskName = group.Tasks[0].Name
|
||||||
}
|
}
|
||||||
|
|||||||
@ -47,7 +47,7 @@ type proxySettings struct {
|
|||||||
UserMap *cty.Value `cty:"userMap"`
|
UserMap *cty.Value `cty:"userMap"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Proxy is the proxy backend. It returns a handler that establishes a proxy
|
// Proxy is the proxy backend. It returns a handler that establishes a proxy
|
||||||
// session to a remote server based on the provided configuration.
|
// session to a remote server based on the provided configuration.
|
||||||
func Proxy(route config.Route) router.Handler {
|
func Proxy(route config.Route) router.Handler {
|
||||||
return func(sess ssh.Session, arg string) error {
|
return func(sess ssh.Session, arg string) error {
|
||||||
@ -70,7 +70,7 @@ func Proxy(route config.Route) router.Handler {
|
|||||||
if opts.User == nil {
|
if opts.User == nil {
|
||||||
userMap := ctyObjToStringMap(opts.UserMap)
|
userMap := ctyObjToStringMap(opts.UserMap)
|
||||||
user, _ := sshctx.GetUser(sess.Context())
|
user, _ := sshctx.GetUser(sess.Context())
|
||||||
|
|
||||||
if muser, ok := userMap[user.Name]; ok {
|
if muser, ok := userMap[user.Name]; ok {
|
||||||
opts.User = &muser
|
opts.User = &muser
|
||||||
} else {
|
} else {
|
||||||
@ -100,19 +100,19 @@ func Proxy(route config.Route) router.Handler {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
knownHostHandler, err := goph.DefaultKnownHosts()
|
knownHostHandler, err := goph.DefaultKnownHosts()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
c.Config.Callback = func(host string, remote net.Addr, key gossh.PublicKey) error {
|
c.Config.Callback = func(host string, remote net.Addr, key gossh.PublicKey) error {
|
||||||
println("hi")
|
println("hi")
|
||||||
err = goph.AddKnownHost(host, remote, key, "")
|
err = goph.AddKnownHost(host, remote, key, "")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
return knownHostHandler(host, remote, key)
|
return knownHostHandler(host, remote, key)
|
||||||
}
|
}
|
||||||
|
|
||||||
baseCmd := sess.Command()
|
baseCmd := sess.Command()
|
||||||
@ -187,7 +187,7 @@ func sshHandleResize(resizeCh <-chan ssh.Window, cmd *goph.Cmd) {
|
|||||||
|
|
||||||
// readPassword reads a password from the SSH session, sending an asterisk
|
// readPassword reads a password from the SSH session, sending an asterisk
|
||||||
// for each character typed.
|
// for each character typed.
|
||||||
//
|
//
|
||||||
// It handles interrupts (Ctrl+C), EOF (Ctrl+D), and backspace.
|
// It handles interrupts (Ctrl+C), EOF (Ctrl+D), and backspace.
|
||||||
// It returns what it read once it receives a carriage return or a newline.
|
// It returns what it read once it receives a carriage return or a newline.
|
||||||
func readPassword(sess ssh.Session) (string, error) {
|
func readPassword(sess ssh.Session) (string, error) {
|
||||||
|
|||||||
@ -95,7 +95,7 @@ func Serial(route config.Route) router.Handler {
|
|||||||
file, baudRate, config = filepath.Join(*opts.Directory, args[0]), args[1], args[2]
|
file, baudRate, config = filepath.Join(*opts.Directory, args[0]), args[1], args[2]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if !route.Permissions.IsAllowed(user, filepath.Base(file)) {
|
if !route.Permissions.IsAllowed(user, filepath.Base(file)) {
|
||||||
return router.ErrUnauthorized
|
return router.ErrUnauthorized
|
||||||
}
|
}
|
||||||
|
|||||||
@ -29,7 +29,7 @@ import (
|
|||||||
type PermissionsMap map[string]map[string][]string
|
type PermissionsMap map[string]map[string][]string
|
||||||
|
|
||||||
// IsAllowed checks if the user has permissions for all the specified items.
|
// IsAllowed checks if the user has permissions for all the specified items.
|
||||||
//
|
//
|
||||||
// The default policy is deny, and denials take priority, so if one item
|
// The default policy is deny, and denials take priority, so if one item
|
||||||
// in items is set to deny, IsAllowed will always return false, even if
|
// in items is set to deny, IsAllowed will always return false, even if
|
||||||
// other items are explicitly allowed.
|
// other items are explicitly allowed.
|
||||||
|
|||||||
21
keys.go
21
keys.go
@ -1,24 +1,3 @@
|
|||||||
/*
|
|
||||||
* Seashell - SSH server with virtual hosts and username-based routing
|
|
||||||
*
|
|
||||||
* Copyright (C) 2024 Elara6331 <elara@elara.ws>
|
|
||||||
*
|
|
||||||
* This file is part of Seashell.
|
|
||||||
*
|
|
||||||
* Seashell is free software: you can redistribute it and/or modify
|
|
||||||
* it under the terms of the GNU Affero General Public License as
|
|
||||||
* published by the Free Software Foundation, either version 3 of the
|
|
||||||
* License, or (at your option) any later version.
|
|
||||||
*
|
|
||||||
* Seashell is distributed in the hope that it will be useful,
|
|
||||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
* GNU Affero General Public License for more details.
|
|
||||||
*
|
|
||||||
* You should have received a copy of the GNU Affero General Public License
|
|
||||||
* along with Seashell. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
*/
|
|
||||||
|
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user