feat: add missing SOCKS5 features
Goal of this commit is to add some missing features when the Kubernetes API is accessed through a SOCKS5 proxy. That's for example the case when port-forwarding is used (`kubectl port-forward`) or when exec'ing inside a container (`kubectl exec`), with this commit it'll now be possible to use both. Signed-off-by: Romain Aviolat <romain.aviolat@kudelskisecurity.com> Signed-off-by: Romain Jufer <romain.jufer@kudelskisecurity.com>
This commit is contained in:
Romain Aviolat
41
vendor/github.com/armon/go-socks5/ruleset.go
generated
vendored
Normal file
41
vendor/github.com/armon/go-socks5/ruleset.go
generated
vendored
Normal file
@@ -0,0 +1,41 @@
|
||||
package socks5
|
||||
|
||||
import (
|
||||
"golang.org/x/net/context"
|
||||
)
|
||||
|
||||
// RuleSet is used to provide custom rules to allow or prohibit actions
|
||||
type RuleSet interface {
|
||||
Allow(ctx context.Context, req *Request) (context.Context, bool)
|
||||
}
|
||||
|
||||
// PermitAll returns a RuleSet which allows all types of connections
|
||||
func PermitAll() RuleSet {
|
||||
return &PermitCommand{true, true, true}
|
||||
}
|
||||
|
||||
// PermitNone returns a RuleSet which disallows all types of connections
|
||||
func PermitNone() RuleSet {
|
||||
return &PermitCommand{false, false, false}
|
||||
}
|
||||
|
||||
// PermitCommand is an implementation of the RuleSet which
|
||||
// enables filtering supported commands
|
||||
type PermitCommand struct {
|
||||
EnableConnect bool
|
||||
EnableBind bool
|
||||
EnableAssociate bool
|
||||
}
|
||||
|
||||
func (p *PermitCommand) Allow(ctx context.Context, req *Request) (context.Context, bool) {
|
||||
switch req.Command {
|
||||
case ConnectCommand:
|
||||
return ctx, p.EnableConnect
|
||||
case BindCommand:
|
||||
return ctx, p.EnableBind
|
||||
case AssociateCommand:
|
||||
return ctx, p.EnableAssociate
|
||||
}
|
||||
|
||||
return ctx, false
|
||||
}
|
||||
Reference in New Issue
Block a user