dependency bumps (#1362)

Eugene 2025-06-04 08:44:48 +02:00 committed by GitHub
parent 45a8a5e1b2
commit 450b3066d8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
24 changed files with 899 additions and 960 deletions

1708
Cargo.lock generated

File diff suppressed because it is too large Load diff


@ -24,7 +24,7 @@ bytes = "1.4"
data-encoding = "2.3"
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
russh = { version = "0.50.2", features = ["des"] }
russh = { version = "0.52.1", features = ["des"] }
futures = "0.3"
tokio-stream = { version = "0.1.17", features = ["net"] }
tokio-rustls = "0.26"
@ -43,10 +43,16 @@ poem = { version = "3.1", features = [
"rustls",
"embed",
] }
password-hash = { version = "0.4", features = ["std"] }
password-hash = { version = "0.5", features = ["std"] }
delegate = "0.13"
tracing = "0.1"
schemars = "0.9.0"
rustls-pemfile = "2.2"
thiserror = "2"
rand = "0.8"
rand_chacha = "0.3"
rand_core = { version = "0.6", features = ["std"] }
dialoguer = "0.11"
[profile.release]
lto = true


@ -203,6 +203,7 @@ allow = [
"CC0-1.0",
"LGPL-3.0",
"MPL-2.0",
"CDLA-Permissive-2.0",
]
[[licenses.clarify]]


@ -24,7 +24,7 @@ rust-embed = "8.3"
sea-orm.workspace = true
serde.workspace = true
serde_json.workspace = true
thiserror = "1.0"
thiserror.workspace = true
tokio = { version = "1.20", features = ["tracing"] }
tracing.workspace = true
uuid = { version = "1.3", features = ["v4", "serde"] }


@ -27,15 +27,15 @@ poem-openapi = { version = "5.1", features = [
"uuid",
"static-files",
] }
rand = "0.8"
rand_chacha = "0.3"
rand_core = { version = "0.6", features = ["std"] }
rand.workspace = true
rand_chacha.workspace = true
rand_core.workspace = true
russh.workspace = true
rustls-native-certs = "0.8"
sea-orm.workspace = true
serde.workspace = true
serde_json.workspace = true
thiserror = "1.0"
thiserror.workspace = true
tokio = { version = "1.20", features = ["tracing"] }
tokio-rustls.workspace = true
totp-rs = { version = "5.0", features = ["otpauth"] }
@ -45,7 +45,7 @@ url = "2.2"
uuid = { version = "1.3", features = ["v4", "serde"] }
warpgate-sso = { version = "*", path = "../warpgate-sso" }
rustls.workspace = true
rustls-pemfile = "1.0"
rustls-pemfile.workspace = true
webpki = "0.22"
tokio-stream.workspace = true
git-version = "0.3.9"


@ -33,12 +33,9 @@ impl TlsCertificateBundle {
}
pub fn from_bytes(bytes: Vec<u8>) -> Result<Self, RustlsSetupError> {
let certificates = rustls_pemfile::certs(&mut &bytes[..]).map(|mut certs| {
certs
.drain(..)
.map(CertificateDer::from)
.collect::<Vec<CertificateDer>>()
})?;
let certificates = rustls_pemfile::certs(&mut &bytes[..])
.collect::<Result<Vec<CertificateDer<'static>>, _>>()?;
if certificates.is_empty() {
return Err(RustlsSetupError::NoCertificates);
}
@ -58,24 +55,22 @@ impl TlsPrivateKey {
}
pub fn from_bytes(bytes: Vec<u8>) -> Result<Self, RustlsSetupError> {
let mut key = rustls_pemfile::pkcs8_private_keys(&mut bytes.as_slice())?
.drain(..)
.next()
.and_then(|x| PrivateKeyDer::try_from(x).ok());
if key.is_none() {
key = rustls_pemfile::ec_private_keys(&mut bytes.as_slice())?
.drain(..)
.next()
.and_then(|x| PrivateKeyDer::try_from(x).ok());
}
if key.is_none() {
key = rustls_pemfile::rsa_private_keys(&mut bytes.as_slice())?
.drain(..)
.next()
.and_then(|x| PrivateKeyDer::try_from(x).ok());
let key = match rustls_pemfile::pkcs8_private_keys(&mut bytes.as_slice()).next() {
Some(Ok(key)) => Some(PrivateKeyDer::from(key)),
_ => None,
}
.or_else(
|| match rustls_pemfile::ec_private_keys(&mut bytes.as_slice()).next() {
Some(Ok(key)) => Some(PrivateKeyDer::from(key)),
_ => None,
},
)
.or_else(
|| match rustls_pemfile::rsa_private_keys(&mut bytes.as_slice()).next() {
Some(Ok(key)) => Some(PrivateKeyDer::from(key)),
_ => None,
},
);
let key = key.ok_or(RustlsSetupError::NoKeys)?;
let key = rustls::crypto::aws_lc_rs::sign::any_supported_type(&key)?;
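Review bot: The `_ => None` arms in the new `TlsPrivateKey::from_bytes` fold `Some(Err(_))` into the same path as "no key of this type", so a PEM read or parse error that the old code propagated with `?` now surfaces only as `RustlsSetupError::NoKeys`. A corrupted or truncated key file becomes indistinguishable from one that simply holds no key, which hides exactly the misconfiguration an operator needs to see. If the pkcs8, then ec, then rsa preference order is not required, rustls-pemfile 2.x has a helper that keeps the error: `let key = rustls_pemfile::private_key(&mut bytes.as_slice())?.ok_or(RustlsSetupError::NoKeys)?;`. Otherwise match `Some(Err(e))` explicitly in each arm and return it instead of falling through. The function body continues outside the hunk.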


@ -40,8 +40,8 @@ pub async fn configure_tls_connector(
if let Some(data) = root_cert {
let mut cursor = Cursor::new(data);
for cert in rustls_pemfile::certs(&mut cursor)? {
cert_store.add(CertificateDer::from(cert))?;
for cert in rustls_pemfile::certs(&mut cursor) {
cert_store.add(cert?)?;
}
}
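Review bot: A `root_cert` that contains no CERTIFICATE block at all still passes silently here, because the loop over `rustls_pemfile::certs(&mut cursor)` only propagates per-certificate parse errors and otherwise adds nothing to `cert_store`. `TlsCertificateBundle::from_bytes` in this same commit rejects the empty case with `RustlsSetupError::NoCertificates`; a matching check here (count the certificates added and return an error when the count is zero) would keep a mis-pasted CA file from going unnoticed. How `cert_store` is otherwise populated is outside the hunk, so whether an empty file weakens verification or merely breaks it should be confirmed there.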


@ -15,6 +15,7 @@ async-trait = "0.1"
bytes.workspace = true
chrono = { version = "0.4", default-features = false, features = ["serde"] }
data-encoding.workspace = true
dialoguer.workspace = true
enum_dispatch.workspace = true
humantime-serde = "1.1"
futures.workspace = true
@ -28,13 +29,13 @@ poem-openapi = { version = "5.1", features = [
"uuid",
"static-files",
] }
rand = "0.8"
rand_chacha = "0.3"
rand_core = { version = "0.6", features = ["std"] }
rand.workspace = true
rand_chacha.workspace = true
rand_core.workspace = true
sea-orm.workspace = true
serde.workspace = true
serde_json.workspace = true
thiserror = "1.0"
thiserror.workspace = true
tokio = { version = "1.20", features = ["tracing"] }
totp-rs = { version = "5.0", features = ["otpauth"] }
tracing.workspace = true
@ -44,7 +45,7 @@ url = "2.2"
uuid = { version = "1.3", features = ["v4", "serde"] }
warpgate-sso = { version = "*", path = "../warpgate-sso" }
rustls.workspace = true
rustls-pemfile = "1.0"
rustls-pemfile.workspace = true
webpki = "0.22"
[features]


@ -18,6 +18,8 @@ pub enum TargetTestError {
Misconfigured(String),
#[error("I/O: {0}")]
Io(#[from] std::io::Error),
#[error("dialoguer: {0}")]
Dialoguer(#[from] dialoguer::Error),
}
pub trait ProtocolServer {


@ -13,7 +13,7 @@ authors = [
[dependencies]
tokio = { version = "1.20", features = ["io-util"] }
bitflags = { version = "1.3", default-features = false }
bitflags = { version = "2", default-features = false }
bytes.workspace = true
futures-core = { version = "0.3", default-features = false }
futures-util = { version = "0.3", default-features = false, features = [
@ -21,4 +21,4 @@ futures-util = { version = "0.3", default-features = false, features = [
"sink",
] }
memchr = { version = "2.5", default-features = false }
thiserror = "1.0"
thiserror.workspace = true


@ -1,6 +1,7 @@
// https://dev.mysql.com/doc/dev/mysql-server/8.0.12/group__group__cs__capabilities__flags.html
// https://mariadb.com/kb/en/library/connection/#capabilities
bitflags::bitflags! {
#[derive(PartialEq, Eq, PartialOrd, Ord, Hash, Debug, Clone, Copy)]
pub struct Capabilities: u64 {
// [MariaDB] MySQL compatibility
const MYSQL = 1;


@ -1,6 +1,7 @@
// https://dev.mysql.com/doc/dev/mysql-server/8.0.12/mysql__com_8h.html#a1d854e841086925be1883e4d7b4e8cad
// https://mariadb.com/kb/en/library/mariadb-connectorc-types-and-definitions/#server-status
bitflags::bitflags! {
#[derive(PartialEq, Eq, PartialOrd, Ord, Hash, Debug, Clone, Copy)]
pub struct Status: u16 {
// Is raised when a multi-statement transaction has been started, either explicitly,
// by means of BEGIN or COMMIT AND CHAIN, or implicitly, by the first


@ -12,6 +12,7 @@ use crate::mysql::protocol::Capabilities;
// https://dev.mysql.com/doc/dev/mysql-server/8.0.12/group__group__cs__column__definition__flags.html
bitflags! {
#[derive(PartialEq, Eq, PartialOrd, Ord, Hash, Debug, Clone, Copy)]
pub struct ColumnFlags: u16 {
/// Field can't be `NULL`.
const NOT_NULL = 1;


@ -18,12 +18,12 @@ uuid = { version = "1.3", features = ["v4"] }
bytes.workspace = true
mysql_common = { version = "0.34", default-features = false }
flate2 = { version = "1", features = ["zlib"] } # flate2 requires a backend selection feature, but mysql_common does not depend on any when default-features = false
rand = "0.8"
rand.workspace = true
sha1 = "0.10"
password-hash.workspace = true
rustls.workspace = true
rustls-pemfile = "1.0"
rustls-pemfile.workspace = true
tokio-rustls.workspace = true
thiserror = "1.0"
thiserror.workspace = true
webpki = "0.22"
once_cell = "1.17"


@ -14,9 +14,9 @@ tracing.workspace = true
uuid = { version = "1.2" }
bytes.workspace = true
rustls.workspace = true
rustls-pemfile = "1.0"
rustls-pemfile.workspace = true
tokio-rustls.workspace = true
thiserror = "1.0"
thiserror.workspace = true
rustls-native-certs = "0.8"
pgwire = { version = "0.28" }
rsasl = { version = "2.1.0", default-features = false, features = ["config_builder", "scram-sha-2", "std", "plain", "provider"] }


@ -10,13 +10,13 @@ anyhow = { version = "1.0", features = ["std"] }
async-trait = "0.1"
bimap = "0.6"
bytes.workspace = true
dialoguer = "0.10"
dialoguer.workspace = true
curve25519-dalek = "4.0.0" # pin due to build fail on x86
ed25519-dalek = "2.0.0" # pin due to build fail on x86 in 2.1
futures.workspace = true
russh.workspace = true
sea-orm.workspace = true
thiserror = "1.0"
thiserror.workspace = true
time = "0.3"
tokio = { version = "1.20", features = ["tracing", "signal"] }
tracing.workspace = true


@ -655,6 +655,7 @@ impl RemoteClient {
}
AuthResult::Failure {
remaining_methods: methods,
..
} => {
debug!("Initial auth failed, checking remaining methods");
for method in methods.iter() {
@ -693,6 +694,7 @@ impl RemoteClient {
}
KeyboardInteractiveAuthResponse::Failure {
remaining_methods: _remaining_methods,
..
} => {
debug!("keyboard-interactive challenge failed");
return Ok(false);


@ -193,9 +193,7 @@ impl russh::server::Handler for ServerHandler {
tx,
))?;
Ok(rx.await.unwrap_or(Auth::Reject {
proceed_with_methods: None,
}))
Ok(rx.await.unwrap_or(Auth::reject()))
}
async fn auth_publickey(


@ -1297,10 +1297,9 @@ impl ServerSession {
match self.try_auth_lazy(&selector, None).await {
Ok(AuthResult::Need(kinds)) => russh::server::Auth::Reject {
proceed_with_methods: Some(self.get_remaining_auth_methods(kinds)),
partial_success: false,
},
_ => russh::server::Auth::Reject {
proceed_with_methods: None,
},
_ => russh::server::Auth::reject(),
}
}
@ -1341,14 +1340,17 @@ impl ServerSession {
}
Ok(AuthResult::Rejected) => russh::server::Auth::Reject {
proceed_with_methods: Some(MethodSet::all()),
partial_success: false,
},
Ok(AuthResult::Need(kinds)) => russh::server::Auth::Reject {
proceed_with_methods: Some(self.get_remaining_auth_methods(kinds)),
partial_success: false,
},
Err(error) => {
error!(?error, "Failed to verify credentials");
russh::server::Auth::Reject {
proceed_with_methods: None,
partial_success: false,
}
}
}
@ -1367,16 +1369,16 @@ impl ServerSession {
.await
{
Ok(AuthResult::Accepted { .. }) => russh::server::Auth::Accept,
Ok(AuthResult::Rejected) => russh::server::Auth::Reject {
proceed_with_methods: None,
},
Ok(AuthResult::Rejected) => russh::server::Auth::reject(),
Ok(AuthResult::Need(kinds)) => russh::server::Auth::Reject {
proceed_with_methods: Some(self.get_remaining_auth_methods(kinds)),
partial_success: false,
},
Err(error) => {
error!(?error, "Failed to verify credentials");
russh::server::Auth::Reject {
proceed_with_methods: None,
partial_success: false,
}
}
}
@ -1409,9 +1411,7 @@ impl ServerSession {
match self.try_auth_lazy(&selector, cred).await {
Ok(AuthResult::Accepted { .. }) => russh::server::Auth::Accept,
Ok(AuthResult::Rejected) => russh::server::Auth::Reject {
proceed_with_methods: None,
},
Ok(AuthResult::Rejected) => russh::server::Auth::reject(),
Ok(AuthResult::Need(kinds)) => {
if kinds.contains(&CredentialKind::Totp) {
self.keyboard_interactive_state = KeyboardInteractiveState::OtpRequested;
@ -1424,6 +1424,7 @@ impl ServerSession {
let Some(auth_state) = self.auth_state.as_ref() else {
return russh::server::Auth::Reject {
proceed_with_methods: None,
partial_success: false,
};
};
let identification_string =
@ -1448,6 +1449,7 @@ impl ServerSession {
error!(?error, "Failed to construct external URL");
return russh::server::Auth::Reject {
proceed_with_methods: None,
partial_success: false,
};
}
};
@ -1474,6 +1476,7 @@ impl ServerSession {
} else {
russh::server::Auth::Reject {
proceed_with_methods: None,
partial_success: false,
}
}
}
@ -1481,6 +1484,7 @@ impl ServerSession {
error!(?error, "Failed to verify credentials");
russh::server::Auth::Reject {
proceed_with_methods: None,
partial_success: false,
}
}
}
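Review bot: Every `Auth::Reject` built in the `AuthResult::Need(kinds)` arms hard-codes `partial_success: false`, and nothing on these lines says whether that is deliberate. `Need` appears to be the multi-factor path (the keyboard-interactive arm goes on to request TOTP), so a reader cannot tell whether the server intends never to signal that an earlier factor was accepted or whether the field was filled in only to satisfy the new russh struct. A one-line comment at the first such arm stating the reason, for example `// partial_success is always false: <reason>`, would settle it for the next person touching the auth flow. Separately, the remaining `Reject { proceed_with_methods: None, partial_success: false }` literals could use `russh::server::Auth::reject()` as the other arms in this commit now do, assuming the helper produces the same value.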


@ -6,7 +6,7 @@ version = "0.14.0"
[dependencies]
bytes.workspace = true
thiserror = "1.0"
thiserror.workspace = true
tokio = { version = "1.20", features = ["tracing", "macros"] }
tracing.workspace = true
openidconnect = { version = "4.0", default-features = false, features = [


@ -8,4 +8,4 @@ version = "0.14.0"
serde.workspace = true
rust-embed = "8.3"
serde_json.workspace = true
thiserror = "1.0"
thiserror.workspace = true


@ -12,12 +12,12 @@ bytes.workspace = true
clap = { version = "4.0", features = ["derive"] }
config = { version = "0.15", features = ["yaml"], default-features = false }
console = { version = "0.15", default-features = false }
console-subscriber = { version = "0.1", optional = true }
console-subscriber = { version = "0.4", optional = true }
data-encoding.workspace = true
dialoguer = "0.10"
dialoguer.workspace = true
enum_dispatch.workspace = true
futures.workspace = true
notify = "5.1"
notify = "8.0"
rcgen = { version = "0.13", features = ["zeroize"] }
rustls.workspace = true
serde_json.workspace = true


@ -5,7 +5,7 @@ use std::io::Write;
use std::net::{Ipv6Addr, SocketAddr, ToSocketAddrs};
use std::path::{Path, PathBuf};
use anyhow::Result;
use anyhow::{Context, Result};
use dialoguer::theme::ColorfulTheme;
use rcgen::generate_simple_self_signed;
use sea_orm::{ActiveModelTrait, ColumnTrait, EntityTrait, QueryFilter, Set};
@ -31,7 +31,8 @@ fn prompt_endpoint(prompt: &str, default: ListenEndpoint) -> ListenEndpoint {
.default(format!("{default:?}"))
.with_prompt(prompt)
.interact_text()
.and_then(|v| v.to_socket_addrs());
.context("dialoguer")
.and_then(|v| v.to_socket_addrs().context("address resolution"));
match v {
Ok(mut addr) => match addr.next() {
Some(addr) => return ListenEndpoint::from(addr),


@ -50,15 +50,15 @@ pub(crate) async fn command(cli: &crate::Cli, target_name: &String) -> Result<()
Err(TargetTestError::ConnectionError(error)) => {
error!(?error, "Connection error");
}
Err(TargetTestError::Io(error)) => {
error!(?error, "I/O error");
}
Err(TargetTestError::Misconfigured(error)) => {
error!(?error, "Misconfigured");
}
Err(TargetTestError::Unreachable) => {
error!("Target is unreachable");
}
Err(other) => {
error!("Misc error: {other}");
}
Ok(()) => {
info!("Connection successful!");
return Ok(());
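Review bot: The new `Err(other)` catch-all replaces the explicit `TargetTestError::Io` arm, so the match will no longer fail to compile when a variant is added to the enum. I/O and dialoguer failures are also both logged as an undifferentiated "Misc error" via Display rather than the structured `?error` field the other arms use. Keeping the `Io` arm and adding `Err(TargetTestError::Dialoguer(error)) => { error!(?error, "Prompt error"); }` would keep the match exhaustive and the log fields uniform. The match continues outside the hunk.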