mirror of
https://github.com/fosrl/pangolin.git
synced 2026-02-26 06:46:40 +00:00
set auth daemon type on resource
This commit is contained in:
@@ -25,7 +25,8 @@ import {
|
||||
loginPageOrg,
|
||||
orgs,
|
||||
resources,
|
||||
roles
|
||||
roles,
|
||||
siteResources
|
||||
} from "@server/db";
|
||||
import { eq } from "drizzle-orm";
|
||||
|
||||
@@ -320,17 +321,9 @@ async function disableDeviceApprovals(orgId: string): Promise<void> {
|
||||
}
|
||||
|
||||
async function disableSshPam(orgId: string): Promise<void> {
|
||||
await db
|
||||
.update(roles)
|
||||
.set({
|
||||
sshSudoMode: "none",
|
||||
sshSudoCommands: "[]",
|
||||
sshCreateHomeDir: false,
|
||||
sshUnixGroups: "[]"
|
||||
})
|
||||
.where(eq(roles.orgId, orgId));
|
||||
|
||||
logger.info(`Disabled SSH PAM options on all roles for org ${orgId}`);
|
||||
logger.info(
|
||||
`Disabled SSH PAM options on all roles and site resources for org ${orgId}`
|
||||
);
|
||||
}
|
||||
|
||||
async function disableLoginPageBranding(orgId: string): Promise<void> {
|
||||
|
||||
@@ -514,7 +514,7 @@ authenticated.post(
|
||||
verifyValidSubscription(tierMatrix.sshPam),
|
||||
verifyOrgAccess,
|
||||
verifyLimits,
|
||||
// verifyUserHasAction(ActionsEnum.signSshKey),
|
||||
verifyUserHasAction(ActionsEnum.signSshKey),
|
||||
logActionAudit(ActionsEnum.signSshKey),
|
||||
ssh.signSshKey
|
||||
);
|
||||
|
||||
@@ -22,7 +22,7 @@ import {
|
||||
sites,
|
||||
userOrgs
|
||||
} from "@server/db";
|
||||
import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
|
||||
import { isLicensedOrSubscribed } from "#private/lib/isLicencedOrSubscribed";
|
||||
import { tierMatrix } from "@server/lib/billing/tierMatrix";
|
||||
import response from "@server/lib/response";
|
||||
import HttpCode from "@server/types/HttpCode";
|
||||
@@ -35,8 +35,6 @@ import { canUserAccessSiteResource } from "@server/auth/canUserAccessSiteResourc
|
||||
import { signPublicKey, getOrgCAKeys } from "#private/lib/sshCA";
|
||||
import config from "@server/lib/config";
|
||||
import { sendToClient } from "#private/routers/ws";
|
||||
import { groups } from "d3";
|
||||
import { homedir } from "os";
|
||||
|
||||
const paramsSchema = z.strictObject({
|
||||
orgId: z.string().nonempty()
|
||||
@@ -402,7 +400,8 @@ export async function signSshKey(
|
||||
data: {
|
||||
messageId: message.messageId,
|
||||
orgId: orgId,
|
||||
agentPort: 22123,
|
||||
agentPort: resource.authDaemonPort ?? 22123,
|
||||
externalAuthDaemon: resource.authDaemonMode === "remote",
|
||||
agentHost: resource.destination,
|
||||
caCert: caKeys.publicKeyOpenSSH,
|
||||
username: usernameToUse,
|
||||
|
||||
Reference in New Issue
Block a user