feat: verify token in ping and newworkconn
parent
18c31c0f16
commit
a4a3d16570
@ -141,6 +141,7 @@ func (ctl *Control) HandleReqWorkConn(inMsg *msg.ReqWorkConn) {
|
|||||||
|
|
||||||
m := &msg.NewWorkConn{
|
m := &msg.NewWorkConn{
|
||||||
RunId: ctl.runId,
|
RunId: ctl.runId,
|
||||||
|
Timestamp: time.Now().Unix(),
|
||||||
}
|
}
|
||||||
if err = ctl.authSetter.SetNewWorkConn(m); err != nil {
|
if err = ctl.authSetter.SetNewWorkConn(m); err != nil {
|
||||||
xl.Warn("error during NewWorkConn authentication: %v", err)
|
xl.Warn("error during NewWorkConn authentication: %v", err)
|
||||||
@ -292,7 +293,9 @@ func (ctl *Control) msgHandler() {
|
|||||||
case <-hbSend.C:
|
case <-hbSend.C:
|
||||||
// send heartbeat to server
|
// send heartbeat to server
|
||||||
xl.Debug("send heartbeat to server")
|
xl.Debug("send heartbeat to server")
|
||||||
pingMsg := &msg.Ping{}
|
pingMsg := &msg.Ping{
|
||||||
|
Timestamp: time.Now().Unix(),
|
||||||
|
}
|
||||||
if err := ctl.authSetter.SetPing(pingMsg); err != nil {
|
if err := ctl.authSetter.SetPing(pingMsg); err != nil {
|
||||||
xl.Warn("error during ping authentication: %v", err)
|
xl.Warn("error during ping authentication: %v", err)
|
||||||
return
|
return
|
||||||
|
@ -69,13 +69,21 @@ func (auth *TokenAuthSetterVerifier) SetLogin(loginMsg *msg.Login) (err error) {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (auth *TokenAuthSetterVerifier) SetPing(*msg.Ping) error {
|
func (auth *TokenAuthSetterVerifier) SetPing(pingMsg *msg.Ping) error {
|
||||||
// Ping doesn't include authentication in token method
|
if !auth.AuthenticateHeartBeats {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (auth *TokenAuthSetterVerifier) SetNewWorkConn(*msg.NewWorkConn) error {
|
pingMsg.PrivilegeKey = util.GetAuthKey(auth.token, pingMsg.Timestamp)
|
||||||
// NewWorkConn doesn't include authentication in token method
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (auth *TokenAuthSetterVerifier) SetNewWorkConn(newWorkConnMsg *msg.NewWorkConn) error {
|
||||||
|
if !auth.AuthenticateHeartBeats {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
newWorkConnMsg.PrivilegeKey = util.GetAuthKey(auth.token, newWorkConnMsg.Timestamp)
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -86,12 +94,24 @@ func (auth *TokenAuthSetterVerifier) VerifyLogin(loginMsg *msg.Login) error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (auth *TokenAuthSetterVerifier) VerifyPing(*msg.Ping) error {
|
func (auth *TokenAuthSetterVerifier) VerifyPing(pingMsg *msg.Ping) error {
|
||||||
// Ping doesn't include authentication in token method
|
if !auth.AuthenticateHeartBeats {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (auth *TokenAuthSetterVerifier) VerifyNewWorkConn(*msg.NewWorkConn) error {
|
if util.GetAuthKey(auth.token, pingMsg.Timestamp) != pingMsg.PrivilegeKey {
|
||||||
// NewWorkConn doesn't include authentication in token method
|
return fmt.Errorf("token in heartbeat doesn't match token from configuration")
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func (auth *TokenAuthSetterVerifier) VerifyNewWorkConn(newWorkConnMsg *msg.NewWorkConn) error {
|
||||||
|
if !auth.AuthenticateNewWorkConns {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
if util.GetAuthKey(auth.token, newWorkConnMsg.Timestamp) != newWorkConnMsg.PrivilegeKey {
|
||||||
|
return fmt.Errorf("token in NewWorkConn doesn't match token from configuration")
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
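Review bot: `SetNewWorkConn` returns early on `!auth.AuthenticateHeartBeats`, while `VerifyNewWorkConn` is gated on `auth.AuthenticateNewWorkConns`, so the two sides of the NewWorkConn check follow different settings. With only work-connection authentication enabled, the sender leaves `PrivilegeKey` empty and the verifier rejects every work connection; the setter's guard should read `if !auth.AuthenticateNewWorkConns {`. Separately, both verifiers compare the key with `!=`; `subtle.ConstantTimeCompare([]byte(want), []byte(got)) != 1` from `crypto/subtle` keeps the comparison time independent of how many leading bytes match. Nothing in these hunks bounds how old `Timestamp` may be, so unless a freshness check exists elsewhere, a recorded Ping or NewWorkConn keeps verifying indefinitely; an allowed-skew window in the verifiers would close that.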
@ -122,6 +122,7 @@ type CloseProxy struct {
|
|||||||
type NewWorkConn struct {
|
type NewWorkConn struct {
|
||||||
RunId string `json:"run_id"`
|
RunId string `json:"run_id"`
|
||||||
PrivilegeKey string `json:"privilege_key"`
|
PrivilegeKey string `json:"privilege_key"`
|
||||||
|
Timestamp int64 `json:"timestamp"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type ReqWorkConn struct {
|
type ReqWorkConn struct {
|
||||||
@ -133,6 +134,7 @@ type StartWorkConn struct {
|
|||||||
DstAddr string `json:"dst_addr"`
|
DstAddr string `json:"dst_addr"`
|
||||||
SrcPort uint16 `json:"src_port"`
|
SrcPort uint16 `json:"src_port"`
|
||||||
DstPort uint16 `json:"dst_port"`
|
DstPort uint16 `json:"dst_port"`
|
||||||
|
Error string `json:"error"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type NewVisitorConn struct {
|
type NewVisitorConn struct {
|
||||||
@ -150,9 +152,11 @@ type NewVisitorConnResp struct {
|
|||||||
|
|
||||||
type Ping struct {
|
type Ping struct {
|
||||||
PrivilegeKey string `json:"privilege_key"`
|
PrivilegeKey string `json:"privilege_key"`
|
||||||
|
Timestamp int64 `json:"timestamp"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type Pong struct {
|
type Pong struct {
|
||||||
|
Error string `json:"error"`
|
||||||
}
|
}
|
||||||
|
|
||||||
type UdpPacket struct {
|
type UdpPacket struct {
|
||||||
|
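Review bot: The new `Timestamp` fields on `NewWorkConn` and `Ping` are undocumented, although the other hunks show they are the input to `PrivilegeKey` (`util.GetAuthKey(auth.token, msg.Timestamp)`). A field comment such as `// Timestamp is the sender's Unix time in seconds; PrivilegeKey is derived from it and the shared token.` would make that coupling visible at the wire definition. A peer that predates this field will presumably decode as `Timestamp == 0`, so the verifier should decide explicitly whether a zero value is acceptable. The new `Error` fields on `StartWorkConn` and `Pong` would also benefit from a comment saying what text the server may put there, since it is sent back to the remote side.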