feat: user kick and user ban commands
user kick: terminate all active user sessions (poll-based,
every 30s)

user ban: same thing but also removes all user keys, making him
unable to login again

These actions are logged, and you cannot perform them on yourself without the `force` flag.
korween authored and libvoid committed Jul 17, 2023
1 parent 47e7c6c commit 51d8669
Showing 2 changed files with 65 additions and 1 deletion.
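--- a/pkg/bastion/shell.go
+++ b/pkg/bastion/shell.go
@@ -1611,6 +1611,59 @@ GLOBAL OPTIONS:
 enc.SetIndent("", " ")
 return enc.Encode(users)
 },
+}, {
+Name: "kick",
+Usage: "Kills all active sessions for user(s)",
+ArgsUsage: "USER...",
+Action: func(c *cli.Context) error {
+if c.NArg() < 1 {
+return cli.ShowSubcommandHelp(c)
+}
+
+if err := myself.CheckRoles([]string{"admin"}); err != nil {
+return err
+}
+
+var users []*dbmodels.User
+if err := dbmodels.UsersByIdentifiers(db, c.Args()).Find(&users).Error; err != nil {
+return err
+}
+
+for _, user := range users {
+if err := db.Model(&dbmodels.Session{}).Where(&dbmodels.Session{User: user, Status: string(dbmodels.SessionStatusActive)}).Update("status", "closed").Error; err != nil {
+return err
+}
+}
+return nil
+},
+}, {
+Name: "ban",
+Usage: "Kills all active sessions for user(s), and wipes all his ssh keys",
+ArgsUsage: "USER...",
+Action: func(c *cli.Context) error {
+if c.NArg() < 1 {
+return cli.ShowSubcommandHelp(c)
+}
+
+if err := myself.CheckRoles([]string{"admin"}); err != nil {
+return err
+}
+
+var users []*dbmodels.User
+if err := dbmodels.UsersByIdentifiers(db, c.Args()).Find(&users).Error; err != nil {
+return err
+}
+
+for _, user := range users {
+if err := db.Where("user_id = ?", user.ID).Delete(&dbmodels.UserKey{}).Error; err != nil {
+return err
+}
+if err := db.Model(&dbmodels.Session{}).Where(&dbmodels.Session{User: user, Status: string(dbmodels.SessionStatusActive)}).Update("status", "closed").Error; err != nil {
+return err
+}
+}
+return nil
+},
 }, {
 Name: "invite",
 ArgsUsage: "<email>",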
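Review bot: The session filter used by both `kick` and `ban`, `Where(&dbmodels.Session{User: user, Status: ...})`, depends on GORM turning the `User` association into a WHERE clause; struct conditions are normally built from column fields only, so it should be confirmed that this does not reduce to a status-only match and close every user's active sessions. An explicit condition in the style the key deletion already uses, e.g. `Where("user_id = ? AND status = ?", user.ID, string(dbmodels.SessionStatusActive))` (assuming the sessions table has a `user_id` column), removes the doubt. The commit description says these actions are logged and need `force` to target yourself, but none of the 53 added lines declares a `force` flag, compares `user.ID` with the caller, or writes a log entry, so an admin can wipe their own keys and no record is kept of who banned whom. Identifiers that match no user are also accepted silently, so a mistyped name makes `ban` return success without revoking anything; returning an error when `len(users) == 0` (or when fewer users than arguments were found) would surface that.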
13 changes: 12 additions & 1 deletion pkg/bastion/ssh.go
Expand Up @@ -169,10 +169,21 @@ func ChannelHandler(srv *ssh.Server, conn *gossh.ServerConn, newChan gossh.NewCh
_ = ch.Close()
return
}
go func(cnx *gossh.ServerConn, dbConn *gorm.DB, sessionID uint) {
for {
sess := dbmodels.Session{Model: gorm.Model{ID: sessionID}, Status: string(dbmodels.SessionStatusActive)}
if err := dbConn.First(&sess).Error; err != nil || sess.Status != string(dbmodels.SessionStatusActive) {
log.Println("Session should be closed", sessionID, "closing connection")
conn.Close()
break
}
time.Sleep(30 * time.Second) // TODO: VDO: make configurable
}
}(conn, actx.db, sess.ID)
go func() {
err = multiChannelHandler(conn, newChan, ctx, sessionConfigs, sess.ID)
if err != nil {
log.Printf("Error: %v", err)
log.Printf("Error on session %v: %v", sess.ID, err)
}

now := time.Now()
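Review bot: The polling goroutine added before the `multiChannelHandler` goroutine has no stop condition tied to the connection itself: it exits only when the session row stops being active or a lookup fails, so if the row is not updated when the connection ends (that code is outside the hunk) it keeps querying the database every 30 seconds indefinitely. Any lookup error is also treated as a revocation and logged with the same "Session should be closed" message; failing closed is a defensible choice, but a transient database error then drops the session without the cause being recorded. The `cnx` parameter is unused because the body closes the captured `conn`. The version below waits on the connection, replaces the sleep with a ticker, and logs the status and the error; the enclosing `ChannelHandler` body starts and ends outside the hunk.

```go
go func(cnx *gossh.ServerConn, dbConn *gorm.DB, sessionID uint) {
	// done is closed once the SSH connection has shut down, so the poller
	// never outlives the connection it guards.
	done := make(chan struct{})
	go func() {
		_ = cnx.Wait()
		close(done)
	}()

	ticker := time.NewTicker(30 * time.Second) // TODO: VDO: make configurable
	defer ticker.Stop()

	for {
		var current dbmodels.Session
		err := dbConn.First(&current, sessionID).Error
		if err != nil || current.Status != string(dbmodels.SessionStatusActive) {
			// Fail closed, but record why the connection is being dropped.
			log.Printf("closing connection for session %v (status %q, lookup error: %v)", sessionID, current.Status, err)
			_ = cnx.Close()
			return
		}
		select {
		case <-done:
			return
		case <-ticker.C:
		}
	}
}(conn, actx.db, sess.ID)
// … unchanged: multiChannelHandler goroutine …
```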
