v/tmate-ssh-server
1
0
Fork 0
mirror of https://github.com/tmate-io/tmate-ssh-server.git synced 2020-11-18 19:53:51 -08:00
Code Issues Releases Wiki Activity

Treat the ro- prefix as part of the readonly token

Browse Source
This commit is contained in:
Nicolas Viennot 2016-01-23 01:13:12 -05:00
parent d687e486da
commit 13d12e82a6
1 changed files with 19 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
tmate-slave.c
View File

@ -208,26 +208,37 @@ static void set_session_token(struct tmate_session *session,
static void create_session_ro_symlink(struct tmate_session *session) static void create_session_ro_symlink(struct tmate_session *session)
{ {
char session_ro_path[MAXPATHLEN]; char *tmp, *token, *session_ro_path;
session->session_token_ro = get_random_token();
#ifdef DEVENV #ifdef DEVENV
strcpy((char *)session->session_token_ro, "READONLYTOKENFORDEVENV000"); tmp = "READONLYTOKENFORDEVENV000";
#else
tmp = get_random_token();
#endif #endif
xasprintf(&token, "ro-%s", tmp);
free(tmp);
strcpy(session_ro_path, TMATE_WORKDIR "/sessions/"); session->session_token_ro = token;
strcat(session_ro_path, session->session_token_ro);
xasprintf(&session_ro_path, TMATE_WORKDIR "/sessions/%s",
session->session_token_ro);
unlink(session_ro_path); unlink(session_ro_path);
if (symlink(session->session_token, session_ro_path) < 0) if (symlink(session->session_token, session_ro_path) < 0)
tmate_fatal("Cannot create read-only symlink"); tmate_fatal("Cannot create read-only symlink");
free(session_ro_path);
} }
static int validate_token(const char *token) static int validate_token(const char *token)
{ {
int len = strlen(token); int len;
int i; int i;
if (!memcmp("ro-", token, 3))
token += 3;
len = strlen(token);
if (len != TMATE_TOKEN_LEN) if (len != TMATE_TOKEN_LEN)
return -1; return -1;
@ -254,26 +265,10 @@ static void ssh_echo(struct tmate_ssh_client *ssh_client,
} }
#define BAD_TOKEN_ERROR_STR \ #define BAD_TOKEN_ERROR_STR \
" " "\r\n" \ "Invalid session token" "\r\n"
" Dear guest," "\r\n" \
" " "\r\n" \
" There isn't much I can do without a valid session token." "\r\n" \
" Feel free to reach out if you are having issues." "\r\n" \
" " "\r\n" \
" Thanks," "\r\n" \
" Nico" "\r\n" \
" " "\r\n"
#define EXPIRED_TOKEN_ERROR_STR \ #define EXPIRED_TOKEN_ERROR_STR \
" " "\r\n" \ "Invalid or expired session token" "\r\n"
" Dear guest," "\r\n" \
" " "\r\n" \
" The provided session token is invalid, or has expired." "\r\n" \
" Feel free to reach out if you are having issues." "\r\n" \
" " "\r\n" \
" Thanks," "\r\n" \
" Nico" "\r\n" \
" " "\r\n"
static void close_fds_except(int *fd_to_preserve, int num_fds) static void close_fds_except(int *fd_to_preserve, int num_fds)
{ {
@ -418,10 +413,6 @@ static void tmate_spawn_slave_pty_client(struct tmate_session *session)
int slave_pty; int slave_pty;
int ret; int ret;
/* the "ro-" part is just sugar, we don't care about it */
if (!memcmp("ro-", token, 3))
token += 3;
if (validate_token(token) < 0) { if (validate_token(token) < 0) {
ssh_echo(client, BAD_TOKEN_ERROR_STR); ssh_echo(client, BAD_TOKEN_ERROR_STR);
tmate_fatal("Invalid token"); tmate_fatal("Invalid token");