This commit is contained in:
Bethuel Mmbaga 2024-08-14 13:30:10 +03:00 committed by GitHub
parent 181dd93695
commit 6016d2f7ce
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
11 changed files with 28 additions and 24 deletions

View File

@ -3,6 +3,7 @@ package auth
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"io" "io"
"net/http" "net/http"
@ -180,7 +181,7 @@ func (d *DeviceAuthorizationFlow) WaitToken(ctx context.Context, info AuthFlowIn
continue continue
} }
return TokenInfo{}, fmt.Errorf(tokenResponse.ErrorDescription) return TokenInfo{}, errors.New(tokenResponse.ErrorDescription)
} }
tokenInfo := TokenInfo{ tokenInfo := TokenInfo{

View File

@ -960,9 +960,9 @@ func (e *Engine) connWorker(conn *peer.Conn, peerKey string) {
for { for {
// randomize starting time a bit // randomize starting time a bit
min := 500 minValue := 500
max := 2000 maxValue := 2000
duration := time.Duration(rand.Intn(max-min)+min) * time.Millisecond duration := time.Duration(rand.Intn(maxValue-minValue)+minValue) * time.Millisecond
select { select {
case <-e.ctx.Done(): case <-e.ctx.Done():
return return

View File

@ -1,4 +1,5 @@
//go:build !android //go:build !android
package sysctl package sysctl
import ( import (

View File

@ -118,9 +118,9 @@ func (srv *DefaultServer) publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) b
func prepareUserEnv(user *user.User, shell string) []string { func prepareUserEnv(user *user.User, shell string) []string {
return []string{ return []string{
fmt.Sprintf("SHELL=" + shell), fmt.Sprint("SHELL=" + shell),
fmt.Sprintf("USER=" + user.Username), fmt.Sprint("USER=" + user.Username),
fmt.Sprintf("HOME=" + user.HomeDir), fmt.Sprint("HOME=" + user.HomeDir),
} }
} }

View File

@ -2,6 +2,7 @@ package client
import ( import (
"context" "context"
"errors"
"fmt" "fmt"
"io" "io"
"sync" "sync"
@ -267,7 +268,7 @@ func (c *GrpcClient) receiveEvents(stream proto.ManagementService_SyncClient, se
// GetServerPublicKey returns server's WireGuard public key (used later for encrypting messages sent to the server) // GetServerPublicKey returns server's WireGuard public key (used later for encrypting messages sent to the server)
func (c *GrpcClient) GetServerPublicKey() (*wgtypes.Key, error) { func (c *GrpcClient) GetServerPublicKey() (*wgtypes.Key, error) {
if !c.ready() { if !c.ready() {
return nil, fmt.Errorf(errMsgNoMgmtConnection) return nil, errors.New(errMsgNoMgmtConnection)
} }
mgmCtx, cancel := context.WithTimeout(c.ctx, 5*time.Second) mgmCtx, cancel := context.WithTimeout(c.ctx, 5*time.Second)
@ -314,7 +315,7 @@ func (c *GrpcClient) IsHealthy() bool {
func (c *GrpcClient) login(serverKey wgtypes.Key, req *proto.LoginRequest) (*proto.LoginResponse, error) { func (c *GrpcClient) login(serverKey wgtypes.Key, req *proto.LoginRequest) (*proto.LoginResponse, error) {
if !c.ready() { if !c.ready() {
return nil, fmt.Errorf(errMsgNoMgmtConnection) return nil, errors.New(errMsgNoMgmtConnection)
} }
loginReq, err := encryption.EncryptMessage(serverKey, c.key, req) loginReq, err := encryption.EncryptMessage(serverKey, c.key, req)
@ -452,7 +453,7 @@ func (c *GrpcClient) GetPKCEAuthorizationFlow(serverKey wgtypes.Key) (*proto.PKC
// It should be used if there is changes on peer posture check after initial sync. // It should be used if there is changes on peer posture check after initial sync.
func (c *GrpcClient) SyncMeta(sysInfo *system.Info) error { func (c *GrpcClient) SyncMeta(sysInfo *system.Info) error {
if !c.ready() { if !c.ready() {
return fmt.Errorf(errMsgNoMgmtConnection) return errors.New(errMsgNoMgmtConnection)
} }
serverPubKey, err := c.GetServerPublicKey() serverPubKey, err := c.GetServerPublicKey()

View File

@ -257,7 +257,7 @@ func (s *GRPCServer) validateToken(ctx context.Context, jwtToken string) (string
} }
if err := s.accountManager.CheckUserAccessByJWTGroups(ctx, claims); err != nil { if err := s.accountManager.CheckUserAccessByJWTGroups(ctx, claims); err != nil {
return "", status.Errorf(codes.PermissionDenied, err.Error()) return "", status.Error(codes.PermissionDenied, err.Error())
} }
return claims.UserId, nil return claims.UserId, nil
@ -268,15 +268,15 @@ func mapError(ctx context.Context, err error) error {
if e, ok := internalStatus.FromError(err); ok { if e, ok := internalStatus.FromError(err); ok {
switch e.Type() { switch e.Type() {
case internalStatus.PermissionDenied: case internalStatus.PermissionDenied:
return status.Errorf(codes.PermissionDenied, e.Message) return status.Error(codes.PermissionDenied, e.Message)
case internalStatus.Unauthorized: case internalStatus.Unauthorized:
return status.Errorf(codes.PermissionDenied, e.Message) return status.Error(codes.PermissionDenied, e.Message)
case internalStatus.Unauthenticated: case internalStatus.Unauthenticated:
return status.Errorf(codes.PermissionDenied, e.Message) return status.Error(codes.PermissionDenied, e.Message)
case internalStatus.PreconditionFailed: case internalStatus.PreconditionFailed:
return status.Errorf(codes.FailedPrecondition, e.Message) return status.Error(codes.FailedPrecondition, e.Message)
case internalStatus.NotFound: case internalStatus.NotFound:
return status.Errorf(codes.NotFound, e.Message) return status.Error(codes.NotFound, e.Message)
default: default:
} }
} }

View File

@ -46,7 +46,7 @@ func initPostureChecksTestData(postureChecks ...*posture.Checks) *PostureChecksH
testPostureChecks[postureChecks.ID] = postureChecks testPostureChecks[postureChecks.ID] = postureChecks
if err := postureChecks.Validate(); err != nil { if err := postureChecks.Validate(); err != nil {
return status.Errorf(status.InvalidArgument, err.Error()) return status.Errorf(status.InvalidArgument, err.Error()) //nolint
} }
return nil return nil

View File

@ -3,6 +3,7 @@ package idp
import ( import (
"context" "context"
"encoding/json" "encoding/json"
"errors"
"fmt" "fmt"
"io" "io"
"net/http" "net/http"
@ -44,14 +45,14 @@ type mockJsonParser struct {
func (m *mockJsonParser) Marshal(v interface{}) ([]byte, error) { func (m *mockJsonParser) Marshal(v interface{}) ([]byte, error) {
if m.marshalErrorString != "" { if m.marshalErrorString != "" {
return nil, fmt.Errorf(m.marshalErrorString) return nil, errors.New(m.marshalErrorString)
} }
return m.jsonParser.Marshal(v) return m.jsonParser.Marshal(v)
} }
func (m *mockJsonParser) Unmarshal(data []byte, v interface{}) error { func (m *mockJsonParser) Unmarshal(data []byte, v interface{}) error {
if m.unmarshalErrorString != "" { if m.unmarshalErrorString != "" {
return fmt.Errorf(m.unmarshalErrorString) return errors.New(m.unmarshalErrorString)
} }
return m.jsonParser.Unmarshal(data, v) return m.jsonParser.Unmarshal(data, v)
} }

View File

@ -150,7 +150,7 @@ func (m *JWTValidator) ValidateAndParse(ctx context.Context, token string) (*jwt
// If we get here, the required token is missing // If we get here, the required token is missing
errorMsg := "required authorization token not found" errorMsg := "required authorization token not found"
log.WithContext(ctx).Debugf(" Error: No credentials found (CredentialsOptional=false)") log.WithContext(ctx).Debugf(" Error: No credentials found (CredentialsOptional=false)")
return nil, fmt.Errorf(errorMsg) return nil, errors.New(errorMsg)
} }
// Now parse the token // Now parse the token
@ -173,7 +173,7 @@ func (m *JWTValidator) ValidateAndParse(ctx context.Context, token string) (*jwt
// Check if the parsed token is valid... // Check if the parsed token is valid...
if !parsedToken.Valid { if !parsedToken.Valid {
errorMsg := "token is invalid" errorMsg := "token is invalid"
log.WithContext(ctx).Debugf(errorMsg) log.WithContext(ctx).Debug(errorMsg)
return nil, errors.New(errorMsg) return nil, errors.New(errorMsg)
} }

View File

@ -60,7 +60,7 @@ func (am *DefaultAccountManager) SavePostureChecks(ctx context.Context, accountI
} }
if err := postureChecks.Validate(); err != nil { if err := postureChecks.Validate(); err != nil {
return status.Errorf(status.InvalidArgument, err.Error()) return status.Errorf(status.InvalidArgument, err.Error()) //nolint
} }
exists, uniqName := am.savePostureChecks(account, postureChecks) exists, uniqName := am.savePostureChecks(account, postureChecks)

View File

@ -10,5 +10,5 @@ import (
// Listen is not supported on other platforms then Linux // Listen is not supported on other platforms then Linux
func Listen(port int, filter BPFFilter) (net.PacketConn, error) { func Listen(port int, filter BPFFilter) (net.PacketConn, error) {
return nil, fmt.Errorf(fmt.Sprintf("Not supported OS %s. SharedSocket is only supported on Linux", runtime.GOOS)) return nil, fmt.Errorf("not supported OS %s. SharedSocket is only supported on Linux", runtime.GOOS)
} }