MakeSession no longer needs to know if the Session should be admin

2020-10-15 23:02:51 +01:00 · 2020-10-15 23:02:51 +01:00 · 3f3259d4d3
parent f96925982f
commit 3f3259d4d3
3 changed files with 17 additions and 15 deletions
--- a/cmd/ck-client/ck-client.go
+++ b/cmd/ck-client/ck-client.go
@ -4,6 +4,7 @@ package main
 import (
 	"encoding/base64"
 	"encoding/binary"
 	"flag"
 	"fmt"
 	"github.com/cbeuw/Cloak/internal/common"
@ -151,10 +152,11 @@ func main() {
 	if adminUID != nil {
 		log.Infof("API base is %v", localConfig.LocalAddr)
 		authInfo.UID = adminUID
 		authInfo.SessionId = 0
 		remoteConfig.NumConn = 1
 		seshMaker = func() *mux.Session {
-			return client.MakeSession(remoteConfig, authInfo, d, true)
+			return client.MakeSession(remoteConfig, authInfo, d)
 		}
 	} else {
 		var network string
@ -165,7 +167,12 @@ func main() {
 		}
 		log.Infof("Listening on %v %v for %v client", network, localConfig.LocalAddr, authInfo.ProxyMethod)
 		seshMaker = func() *mux.Session {
-			return client.MakeSession(remoteConfig, authInfo, d, false)
+			// sessionID is usergenerated. There shouldn't be a security concern because the scope of
 			// sessionID is limited to its UID.
 			quad := make([]byte, 4)
 			common.RandRead(authInfo.WorldState.Rand, quad)
 			authInfo.SessionId = binary.BigEndian.Uint32(quad)
 			return client.MakeSession(remoteConfig, authInfo, d)
 		}
 	}
--- a/internal/client/connector.go
+++ b/internal/client/connector.go
@ -1,7 +1,6 @@
 package client
 import (
 	"encoding/binary"
 	"github.com/cbeuw/Cloak/internal/common"
 	"net"
 	"sync"
@ -12,18 +11,9 @@ import (
 	log "github.com/sirupsen/logrus"
 )
-func MakeSession(connConfig RemoteConnConfig, authInfo AuthInfo, dialer common.Dialer, isAdmin bool) *mux.Session {
+// On different invocations to MakeSession, authInfo.SessionId MUST be different
 func MakeSession(connConfig RemoteConnConfig, authInfo AuthInfo, dialer common.Dialer) *mux.Session {
 	log.Info("Attempting to start a new session")
 	//TODO: let caller set this
 	if !isAdmin {
 		// sessionID is usergenerated. There shouldn't be a security concern because the scope of
 		// sessionID is limited to its UID.
 		quad := make([]byte, 4)
 		common.RandRead(authInfo.WorldState.Rand, quad)
 		authInfo.SessionId = binary.BigEndian.Uint32(quad)
 	} else {
 		authInfo.SessionId = 0
 	}
 	connsCh := make(chan net.Conn, connConfig.NumConn)
 	var _sessionKey atomic.Value
@ -48,6 +38,7 @@ func MakeSession(connConfig RemoteConnConfig, authInfo AuthInfo, dialer common.D
 				time.Sleep(time.Second * 3)
 				goto makeconn
 			}
 			// sessionKey given by each connection should be identical
 			_sessionKey.Store(sk)
 			connsCh <- transportConn
 			wg.Done()
--- a/internal/test/integration_test.go
+++ b/internal/test/integration_test.go
@ -3,6 +3,7 @@ package test
 import (
 	"bytes"
 	"encoding/base64"
 	"encoding/binary"
 	"fmt"
 	"github.com/cbeuw/Cloak/internal/client"
 	"github.com/cbeuw/Cloak/internal/common"
@ -185,7 +186,10 @@ func establishSession(lcc client.LocalConnConfig, rcc client.RemoteConnConfig, a
 	netToCkServerD, ckServerListener := connutil.DialerListener(10 * 1024)
 	clientSeshMaker := func() *mux.Session {
-		return client.MakeSession(rcc, ai, netToCkServerD, false)
+		quad := make([]byte, 4)
 		common.RandRead(ai.WorldState.Rand, quad)
 		ai.SessionId = binary.BigEndian.Uint32(quad)
 		return client.MakeSession(rcc, ai, netToCkServerD)
 	}
 	var proxyToCkClientD common.Dialer