fix: subnet unauthorized now emits "ssherror" which persists across websocket termination

Bill Church 2019-11-23 09:00:28 -05:00
parent 16a27ce62a
commit e796f9fb58
4 changed files with 15 additions and 9 deletions


@ -1,4 +1,8 @@
# Change Log # Change Log
### 0.3.0 [TBD]
### Added
- Add configuration option to restrict connections to specified subnets thanks to @Mierdin
### 0.2.9 [2019-06-13] ### 0.2.9 [2019-06-13]
### Changes ### Changes
- Missing require('fs') in `server/app.js` See issue [#135](../../issues/135) - Missing require('fs') in `server/app.js` See issue [#135](../../issues/135)


@ -1,6 +1,6 @@
{ {
"name": "webssh2", "name": "webssh2",
"version": "0.2.10-0", "version": "0.2.10-1",
"ignore": [ "ignore": [
".gitignore" ".gitignore"
], ],


@ -28,8 +28,10 @@ module.exports = function socket (socket) {
if ( (((socket.request.session || {}).ssh || {}).allowedSubnets || {}).length && ( socket.request.session.ssh.allowedSubnets.length > 0 ) ) { if ( (((socket.request.session || {}).ssh || {}).allowedSubnets || {}).length && ( socket.request.session.ssh.allowedSubnets.length > 0 ) ) {
var matcher = new CIDRMatcher(socket.request.session.ssh.allowedSubnets); var matcher = new CIDRMatcher(socket.request.session.ssh.allowedSubnets);
if (!matcher.contains(socket.request.session.ssh.host)) { if (!matcher.contains(socket.request.session.ssh.host)) {
socket.emit('401 UNAUTHORIZED') console.log('WebSSH2 ' + 'error: Requested host outside configured subnets / REJECTED'.red.bold +
debugWebSSH2('SOCKET: Requested host outside configured subnets / REJECTED') ' user=' + socket.request.session.username.yellow.bold.underline +
' from=' + socket.handshake.address.yellow.bold.underline)
socket.emit('ssherror', '401 UNAUTHORIZED')
socket.disconnect(true) socket.disconnect(true)
return return
} }
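Review bot: The new `console.log` runs before `socket.emit`/`socket.disconnect` and dereferences `socket.request.session.username` without a guard, while the enclosing condition only establishes that `session.ssh.allowedSubnets` is present; if a session ever reaches this branch without a username, the TypeError would be raised before the rejected socket is closed. Performing the deny first (`socket.emit('ssherror', '401 UNAUTHORIZED'); socket.disconnect(true)`) and logging afterwards keeps the rejection independent of the log line. The username is presumably client-supplied and is concatenated into the log unchanged, so stripping control characters first, e.g. `String(socket.request.session.username || '').replace(/[\x00-\x1f\x7f]/g, '')`, keeps an embedded CR/LF from forging extra log entries. The entry would also serve detection better if it recorded the rejected target, `' host=' + socket.request.session.ssh.host`, sanitised the same way. The function body continues outside this hunk.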


@ -7,10 +7,10 @@ source ./scripts/util.sh
echo echo
# get current version of workspace, ask to change or rebuild # get current version of workspace, ask to change or rebuild
webssh_ilx_ver=$(jq -r ".version" ./workspace/extensions/webssh2/package.json 2>&1) webssh_ver=$(jq -r ".version" ./app/package.json 2>&1)
if [[ $? -ne 0 ]]; then exit; echo "error reading ILX irule version";fi if [[ $? -ne 0 ]]; then exit; echo "error reading package version";fi
echo "Current version of $webssh_workspace_name is: $webssh_ilx_ver" echo "Current version of package is: $webssh_ver"
echo -n "If you want to change this version, enter it now otherwise press enter to retain: " echo -n "If you want to change this version, enter it now otherwise press enter to retain: "
@ -19,11 +19,11 @@ read newver
echo echo
if [[ ("$newver" != "") ]]; then if [[ ("$newver" != "") ]]; then
echo "Updating version of ILX to: $newver" echo "Updating version of package to: $newver"
export newver export newver
jq --arg newver "$newver" '.version = $newver' < ./workspace/extensions/webssh2/package.json > ./workspace/extensions/webssh2/package.json.new jq --arg newver "$newver" '.version = $newver' < ./app/package.json > ./app/package.json.new
if [[ $? -ne 0 ]]; then exit; echo "error changing version - ilx";fi if [[ $? -ne 0 ]]; then exit; echo "error changing version - ilx";fi
mv ./workspace/extensions/webssh2/package.json.new ./workspace/extensions/webssh2/package.json mv ./app/package.json.new ./app/package.json
else else
echo "No changes made" echo "No changes made"
fi fi
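Review bot: On the changed error-check line after the first `jq` call, `exit` comes before `echo`, so "error reading package version" is never printed, and a bare `exit` returns the status of the `[[ $? -ne 0 ]]` test that just succeeded, so the script reports success when `jq` failed. Printing first and exiting non-zero fixes both: `if [[ $? -ne 0 ]]; then echo "error reading package version" >&2; exit 1; fi`. The check after the second `jq` in the following hunk has the same ordering, and its message still says "ilx" although the other messages were renamed to "package".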