diff --git a/README.md b/README.md
index 23031a3..71e7245 100644
--- a/README.md
+++ b/README.md
@@ -8,4 +8,4 @@
 - `docker build . -t gateway`
 - `docker run -p 22:22 gateway`
-- `ssh test@localhost "{\"command\": \"/bin/bash\", \"envs\": {}, \"args\": []}"`
\ No newline at end of file
+- `ssh test@localhost "{\"identifier\": \"project_env\", \"token\": \"token\", \"command\": \"/bin/bash\", \"envs\": {}, \"args\": []}"`
\ No newline at end of file
diff --git a/proto/internal.proto b/proto/internal.proto
index 87deafb..d341d61 100644
--- a/proto/internal.proto
+++ b/proto/internal.proto
@@ -13,8 +13,9 @@ message AuthorizeRequest {
 // identifier of the project
 string identifier = 1;
 // ssh_keys from ssh agent
- string public_ssh_keys = 2;
- // command?
+ string token = 2;
+ // command like /bin/bash
+ string command = 3;
 }
 enum AuthorizationStatus {
@@ -26,7 +27,6 @@ message AuthorizeResponse {
 AuthorizationStatus status = 1;
 string error_message = 2;
 string session_uuid = 3;
- string log_file = 4;
 }
 message TerminateRequest {
diff --git a/src/client/main.rs b/src/client/main.rs
index eaf2c47..f23bc99 100644
--- a/src/client/main.rs
+++ b/src/client/main.rs
@@ -2,7 +2,7 @@ pub mod client;
-use libcommand::internal::{AuthorizeRequest, AuthorizeResponse};
+use libcommand::internal::{AuthorizationStatus, AuthorizeRequest, AuthorizeResponse};
 use tonic::Response;
 #[cfg(unix)]
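Review bot: In proto/internal.proto the old comment `// ssh_keys from ssh agent` is left directly above the new `string token = 2;`, so the field documentation now describes the wrong credential; replace it with something like `// opaque auth token supplied by the caller`. Field number 2 is also reused with a new meaning, so a peer built from the previous schema would have its `public_ssh_keys` value parsed as `token`. If the client and daemon can ever be deployed separately, give `token` a fresh number and add `reserved 2;`. The same applies to the `log_file = 4` removal in the next hunk (`reserved 4;` in `AuthorizeResponse`).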
@@ -11,23 +11,26 @@ async fn main() -> Result<(), Box> {
 let arg = std::env::args()
 .skip(1)
 .last().unwrap();
- let mut command : std::process::Command = serde_json::from_str::(&arg)
- .unwrap()
- .into();
+ let command_arg : libcommand::Command = serde_json::from_str::(&arg)
+ .unwrap();
 let mut client = client::connect().await?;
 let request = tonic::Request::new(AuthorizeRequest {
- identifier: "Tonic".into(),
- public_ssh_keys: "Tonic".into(),
+ identifier: command_arg.identifier.clone(),
+ token: command_arg.token.clone(),
+ command: command_arg.command.clone()
 });
 let response : Response = client.authorize(request).await?;
- println!("RESPONSE={:?}", response);
-
- let mut child = command.spawn().unwrap();
- child.wait().unwrap();
+ if AuthorizationStatus::from_i32(response.get_ref().status) == Some(AuthorizationStatus::Authorized) {
+ let mut command : std::process::Command = command_arg.into();
+ let mut child = command.spawn().unwrap();
+ child.wait().unwrap();
+ } else {
+ eprintln!("Permission denied");
+ }
 Ok(())
 }
diff --git a/src/daemon/server.rs b/src/daemon/server.rs
index ba55f95..6e718bc 100644
--- a/src/daemon/server.rs
+++ b/src/daemon/server.rs
@@ -6,7 +6,7 @@ use tonic::{Request, Response, Status};
 use libcommand::internal::{
 unix_server::Unix,
- AuthorizeRequest, AuthorizeResponse, TerminateRequest, TerminateResponse
+ AuthorizeRequest, AuthorizeResponse, AuthorizationStatus, TerminateRequest, TerminateResponse, TerminateStatus
 };
 #[derive(Default)]
@@ -24,10 +24,9 @@ impl Unix for DaemonServer {
 println!("Got a request {:?} with info {:?}", request, conn_info);
 }
- let reply = libcommand::internal::AuthorizeResponse {
- status: libcommand::internal::AuthorizationStatus::Authorized.into(),
+ let reply = AuthorizeResponse {
+ status: AuthorizationStatus::Authorized.into(),
 error_message: "".into(),
- log_file: "".into(),
 session_uuid: "".into()
 };
 Ok(Response::new(reply))
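Review bot: In src/client/main.rs the authorization request carries only `command_arg.command`, yet on `Authorized` the process is built from the whole `command_arg`, which also holds the caller-supplied `args` and `envs` that the daemon never sees (the conversion itself lives in src/lib.rs and is not shown here, so this is inferred from the struct fields). A policy that approves `/bin/bash` would then also approve whatever argument list and environment arrive in the same JSON; the request should carry `args` and `envs` as well, so the decision covers exactly what is executed. The denied branch also falls through to `Ok(())`, so the process exits 0 after printing `Permission denied`; add `std::process::exit(1);` after the `eprintln!` so the SSH caller can tell a refusal from success. `main` starts above the hunk.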
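Review bot: In src/daemon/server.rs (hunk at -24,10) the authorize handler still builds its reply with `status: AuthorizationStatus::Authorized.into()` unconditionally, and nothing in the hunk reads the request's `identifier`, `token` or `command`, so the status check this commit adds on the client can never refuse. The handler starts above the hunk, so a check may exist there; if this is still a stub, default the reply to a non-authorized status until the token is actually verified and mark it with `// TODO: validate identifier/token before authorizing`. The context line `println!("Got a request {:?} with info {:?}", request, conn_info);` now writes the `token` field to stdout as part of the request; log the identifier only, or redact the token.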
@@ -43,8 +42,8 @@ impl Unix for DaemonServer {
 println!("Got a request {:?} with info {:?}", request, conn_info);
 }
- let reply = libcommand::internal::TerminateResponse {
- status: libcommand::internal::TerminateStatus::Ok.into(),
+ let reply = TerminateResponse {
+ status: TerminateStatus::Ok.into(),
 error_message: "".into(),
 };
 Ok(Response::new(reply))
diff --git a/src/lib.rs b/src/lib.rs
index eb609f1..07590f7 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -9,9 +9,11 @@ pub mod internal {
 #[derive(Serialize, Deserialize, Debug)]
 pub struct Command {
- command: String,
- envs: HashMap,
- args: Vec
+ pub identifier: String,
+ pub token: String,
+ pub command: String,
+ pub envs: HashMap,
+ pub args: Vec
 }
 impl Into for Command {
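Review bot: In src/lib.rs `Command` derives `Debug` and `Serialize` and now carries `token`, so any `{:?}` print or re-serialization of the struct emits the credential. Consider a hand-written `Debug` that prints `token: "<redacted>"`, or keep the credential in a struct separate from the process description. All five fields became `pub` without doc comments; a `///` line on each (for example `/// Auth token forwarded to the daemon; do not log.` on `token`) would record which values are untrusted caller input. The `impl` that follows continues outside the hunk.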