This repository has been archived by the owner on Oct 2, 2022. It is now read-only.
handler_networkconnection.go
package auditlogintegration
import (
"context"
"github.com/containerssh/auditlog"
"github.com/containerssh/auditlog/message"
"github.com/containerssh/sshserver"
)
// networkConnectionHandler wraps a backend sshserver.NetworkConnectionHandler
// and reports the connection and authentication events it sees to an audit
// log connection, forwarding each call to the backend.
type networkConnectionHandler struct {
	// backend is the wrapped handler that makes the actual decisions.
	backend sshserver.NetworkConnectionHandler
	// audit receives the audit events for this connection.
	audit auditlog.Connection
}
// OnAuthKeyboardInteractive delegates keyboard-interactive authentication to
// the backend, substituting a challenge function that also reports every
// challenge and its answers to the audit log.
//
// NOTE(review): the answers are handed to the audit log as received. In
// keyboard-interactive authentication they may be passwords or one-time
// codes, so the audit storage presumably has to be protected like a
// credential store; confirm against the auditlog configuration.
func (n *networkConnectionHandler) OnAuthKeyboardInteractive(
	user string,
	challenge func(
		instruction string,
		questions sshserver.KeyboardInteractiveQuestions,
	) (answers sshserver.KeyboardInteractiveAnswers, err error),
) (response sshserver.AuthResponse, reason error) {
	auditedChallenge := func(
		instruction string,
		questions sshserver.KeyboardInteractiveQuestions,
	) (answers sshserver.KeyboardInteractiveAnswers, err error) {
		// Mirror the questions into the audit message type and record the
		// challenge before it is presented to the client.
		var asked []message.KeyboardInteractiveQuestion
		for _, question := range questions {
			asked = append(asked, message.KeyboardInteractiveQuestion{
				Question: question.Question,
				Echo:     question.EchoResponse,
			})
		}
		n.audit.OnAuthKeyboardInteractiveChallenge(user, instruction, asked)

		answers, err = challenge(instruction, questions)
		if err != nil {
			return answers, err
		}

		// Answers are looked up by question text. A failed lookup aborts
		// the challenge with that error and no answer event is recorded.
		var given []message.KeyboardInteractiveAnswer
		for _, question := range asked {
			text, lookupErr := answers.GetByQuestionText(question.Question)
			if lookupErr != nil {
				return answers, lookupErr
			}
			given = append(given, message.KeyboardInteractiveAnswer{
				Question: question.Question,
				Answer:   text,
			})
		}
		n.audit.OnAuthKeyboardInteractiveAnswer(user, given)
		return answers, nil
	}
	return n.backend.OnAuthKeyboardInteractive(user, auditedChallenge)
}
// OnShutdown passes the shutdown notification straight through to the
// backend. No audit event is emitted here.
func (n *networkConnectionHandler) OnShutdown(shutdownContext context.Context) {
	backend := n.backend
	backend.OnShutdown(shutdownContext)
}
// OnAuthPassword records a password authentication attempt in the audit log,
// asks the backend to decide, records the outcome, and returns the backend's
// response and reason unchanged.
//
// NOTE(review): the password bytes are passed to every audit call below.
// Whether they are stored in clear text depends on the auditlog
// implementation, which is not visible here; treat the audit log as
// credential-bearing until confirmed otherwise.
func (n *networkConnectionHandler) OnAuthPassword(
	username string,
	password []byte,
) (response sshserver.AuthResponse, reason error) {
	n.audit.OnAuthPassword(username, password)
	response, reason = n.backend.OnAuthPassword(username, password)
	switch response {
	case sshserver.AuthResponseSuccess:
		n.audit.OnAuthPasswordSuccess(username, password)
	case sshserver.AuthResponseFailure:
		n.audit.OnAuthPasswordFailed(username, password)
	case sshserver.AuthResponseUnavailable:
		// The backend may report unavailability without an error value;
		// an empty reason text is recorded in that case.
		detail := ""
		if reason != nil {
			detail = reason.Error()
		}
		n.audit.OnAuthPasswordBackendError(username, password, detail)
	}
	// Any other response value produces no outcome event.
	return response, reason
}
// OnAuthPubKey records a public-key authentication attempt in the audit log,
// asks the backend to decide, records the outcome, and returns the backend's
// response and reason unchanged.
func (n *networkConnectionHandler) OnAuthPubKey(
	username string,
	pubKey string,
) (
	response sshserver.AuthResponse,
	reason error,
) {
	n.audit.OnAuthPubKey(username, pubKey)
	response, reason = n.backend.OnAuthPubKey(username, pubKey)
	switch response {
	case sshserver.AuthResponseSuccess:
		n.audit.OnAuthPubKeySuccess(username, pubKey)
	case sshserver.AuthResponseFailure:
		n.audit.OnAuthPubKeyFailed(username, pubKey)
	case sshserver.AuthResponseUnavailable:
		// The backend may report unavailability without an error value;
		// an empty reason text is recorded in that case.
		detail := ""
		if reason != nil {
			detail = reason.Error()
		}
		n.audit.OnAuthPubKeyBackendError(username, pubKey, detail)
	}
	// Any other response value produces no outcome event.
	return response, reason
}
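// OnHandshakeFailed forwards a failed SSH handshake to the backend and then
// records the failure reason in the audit log.
//
// A nil reason is recorded as an empty string rather than dereferenced, the
// same guard OnAuthPassword and OnAuthPubKey apply before calling
// reason.Error(). Without it a nil reason would panic here and the failed
// handshake would never reach the audit log.
func (n *networkConnectionHandler) OnHandshakeFailed(reason error) {
	n.backend.OnHandshakeFailed(reason)
	detail := ""
	if reason != nil {
		detail = reason.Error()
	}
	n.audit.OnHandshakeFailed(detail)
}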
// OnHandshakeSuccess records the successful handshake in the audit log and
// asks the backend for its SSH connection handler, which is returned wrapped
// so that later connection events go through the same audit connection.
//
// The audit event is emitted before the backend is consulted, so it is
// recorded even when the backend then returns an error.
func (n *networkConnectionHandler) OnHandshakeSuccess(
	username string,
) (
	connection sshserver.SSHConnectionHandler,
	failureReason error,
) {
	n.audit.OnHandshakeSuccessful(username)
	sshBackend, backendErr := n.backend.OnHandshakeSuccess(username)
	if backendErr == nil {
		wrapped := &sshConnectionHandler{
			backend: sshBackend,
			audit:   n.audit,
		}
		return wrapped, nil
	}
	return nil, backendErr
}
// OnDisconnect records the disconnect in the audit log first and then
// notifies the backend.
func (n *networkConnectionHandler) OnDisconnect() {
	auditConn, backend := n.audit, n.backend
	auditConn.OnDisconnect()
	backend.OnDisconnect()
}