
Commit f059dcd

committed
[ssh-gateway] Reject ssh connection when workspace not found
1 parent 54914fb commit f059dcd


1 file changed

+16
-8
lines changed


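--- a/components/ws-proxy/pkg/sshproxy/server.go
+++ b/components/ws-proxy/pkg/sshproxy/server.go
@@ -43,18 +43,19 @@ var (
 )
 
 var (
-ErrWorkspaceNotFound = NewSSHError("WS_NOTFOUND", "not found workspace")
-ErrWorkspaceIDInvalid = NewSSHError("WS_ID_INVALID", "workspace id invalid")
+ErrWorkspaceNotFound = NewSSHErrorWithError("WS_NOTFOUND", "not found workspace", ssh.ErrDenied)
+ErrWorkspaceIDInvalid = NewSSHErrorWithError("WS_ID_INVALID", "workspace id invalid", ssh.ErrDenied)
 ErrAuthFailed = NewSSHError("AUTH_FAILED", "auth failed")
-ErrUsernameFormat = NewSSHError("USER_FORMAT", "username format is not correct")
-ErrMissPrivateKey = NewSSHError("MISS_KEY", "missing privateKey")
+ErrUsernameFormat = NewSSHErrorWithError("USER_FORMAT", "username format is not correct", ssh.ErrDenied)
+ErrMissPrivateKey = NewSSHErrorWithError("MISS_KEY", "missing privateKey", ssh.ErrDenied)
 ErrConnFailed = NewSSHError("CONN_FAILED", "cannot to connect with workspace")
 ErrCreateSSHKey = NewSSHError("CREATE_KEY_FAILED", "cannot create private pair in workspace")
 )
 
 type SSHError struct {
 shortName string
 description string
+err error
 }
 
 func (e SSHError) Error() string {
@@ -64,11 +65,18 @@ func (e SSHError) Error() string {
 func (e SSHError) ShortName() string {
 return e.shortName
 }
+func (e SSHError) Unwrap() error {
+return e.err
+}
 
 func NewSSHError(shortName string, description string) SSHError {
 return SSHError{shortName: shortName, description: description}
 }
 
+func NewSSHErrorWithError(shortName string, description string, err error) SSHError {
+return SSHError{shortName: shortName, description: description, err: err}
+}
+
 type Session struct {
 Conn *ssh.ServerConn
 
@@ -110,15 +118,15 @@ func New(signers []ssh.Signer, workspaceInfoProvider p.WorkspaceInfoProvider, he
 NoClientAuth: true,
 NoClientAuthCallback: func(conn ssh.ConnMetadata) (*ssh.Permissions, error) {
 args := strings.Split(conn.User(), "#")
-// NoClientAuthCallback only support workspaceId#ownerToken
-if len(args) != 2 {
-return nil, ssh.ErrNoAuth
-}
 workspaceId := args[0]
 wsInfo, err := server.GetWorkspaceInfo(workspaceId)
 if err != nil {
 return nil, err
 }
+// NoClientAuthCallback only support workspaceId#ownerToken
+if len(args) != 2 {
+return nil, ssh.ErrNoAuth
+}
 if wsInfo.Auth.OwnerToken != args[1] {
 return nil, ssh.ErrNoAuth
 }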
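Review bot: In the last hunk the `len(args) != 2` check now runs after `server.GetWorkspaceInfo(workspaceId)`, so every unauthenticated connection triggers a workspace lookup before the username shape is validated, and the callback returns the lookup error for an unknown workspace but `ssh.ErrNoAuth` for a known workspace with a malformed or wrong token. If those two outcomes look different to the client (the first hunk wraps `ErrWorkspaceNotFound` in `ssh.ErrDenied`, which suggests they do), the gateway confirms whether a workspace ID exists before any authentication; that appears to be the intent of the commit, but it should be stated in the code and paired with rate limiting and logging of failed lookups. I would replace the moved comment with `// Look up the workspace first so an unknown ID is denied outright; only then require the workspaceId#ownerToken form.` The enclosing `New` function starts and ends outside the hunk, so that `GetWorkspaceInfo` returns `ErrWorkspaceNotFound` on this path is inferred rather than visible.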
