// Copyright (c) Facebook, Inc. and its affiliates.
//
// This source code is licensed under the MIT license found in the
// LICENSE file in the root directory of this source tree.
package transport
import (
	"fmt"
	"io"
	"io/ioutil"
	"net"
	"os"
	"strconv"
	"time"

	"github.com/google/uuid"
	"github.com/insomniacslk/xjson"
	"github.com/pkg/sftp"
	"golang.org/x/crypto/ssh"

	"github.com/linuxboot/contest/pkg/xcontext"
)
// SSHTransportConfig holds the settings used to reach a remote host over SSH
// and run a process there. The fields are consumed by SSHTransport.NewProcess.
//
// There is currently no field for host key verification: NewProcess connects
// with ssh.InsecureIgnoreHostKey, so the remote host's identity is not checked.
type SSHTransportConfig struct {
	// Host and Port are joined (net.JoinHostPort) into the dial address.
	Host string `json:"host,omitempty"`
	Port int    `json:"port,omitempty"`
	// User is the SSH login name.
	User string `json:"user,omitempty"`
	// Password, when non-empty, is offered as a password authentication method.
	// It is stored in clear text in the config, so the config itself is a secret.
	Password string `json:"password,omitempty"`
	// IdentityFile, when non-empty, is a local path to a private key; it is read
	// and parsed (ssh.ParsePrivateKey) and offered as a public-key auth method.
	IdentityFile string `json:"identity_file,omitempty"`
	// Timeout is passed as ssh.ClientConfig.Timeout, i.e. the connection timeout.
	Timeout xjson.Duration `json:"timeout,omitempty"`
	// SendBinary, when true, uploads the local binary to the remote host and
	// executes that copy, which is removed again once the process has ended.
	SendBinary bool `json:"send_binary,omitempty"`
	// Async, when non-nil, selects the asynchronous process mode.
	Async *struct {
		// Agent is the local path of the agent binary uploaded to the remote host.
		Agent string `json:"agent,omitempty"`
		// TimeQuota is handed to newSSHProcessAsync; presumably the maximum run
		// time granted to the remote process — verify against that constructor.
		TimeQuota xjson.Duration `json:"time_quota,omitempty"`
	} `json:"async,omitempty"`
}
// DefaultSSHTransportConfig returns the config defaults: port 22 and a
// ten-minute connection timeout. Every other field is left at its zero value.
func DefaultSSHTransportConfig() SSHTransportConfig {
	var cfg SSHTransportConfig
	cfg.Port = 22
	cfg.Timeout = xjson.Duration(10 * time.Minute)
	return cfg
}
// SSHTransport implements Transport over an SSH connection. It embeds the
// SSHTransportConfig it was created with, so config fields are accessed directly.
type SSHTransport struct {
	SSHTransportConfig
}
// NewSSHTransport wraps config in an SSHTransport and returns it as a Transport.
func NewSSHTransport(config SSHTransportConfig) Transport {
	st := &SSHTransport{SSHTransportConfig: config}
	return st
}
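// NewProcess opens an SSH connection described by the transport config and
// returns a Process that runs bin with args on the remote host.
//
// Authentication uses the private key at IdentityFile and/or the configured
// Password (see authMethods). When SendBinary is set, bin is first copied to
// the remote host and that copy is executed instead; the copy is removed by
// the deferred stack once the process has ended. When Async is non-nil an
// asynchronous process backed by the configured agent is returned.
//
// The SSH client and any uploaded file are registered on a deferred stack
// that is run after the process ends. That stack does not run when this
// function itself returns an error, so the client is closed explicitly on
// the error paths that follow the dial.
//
// NOTE(security): the server's host key is not verified
// (ssh.InsecureIgnoreHostKey), so the connection offers no protection against
// an active attacker impersonating the host; the credentials above are sent
// to whoever answers at addr. Verify the host key (e.g. ssh.FixedHostKey or a
// known_hosts-based callback) before relying on this outside a trusted network.
func (st *SSHTransport) NewProcess(ctx xcontext.Context, bin string, args []string) (Process, error) {
	auth, err := st.authMethods()
	if err != nil {
		return nil, err
	}
	addr := net.JoinHostPort(st.Host, strconv.Itoa(st.Port))
	clientConfig := &ssh.ClientConfig{
		User: st.User,
		Auth: auth,
		// TODO expose this in the plugin arguments
		//HostKeyCallback: ssh.FixedHostKey(hostKey),
		HostKeyCallback: ssh.InsecureIgnoreHostKey(),
		Timeout:         time.Duration(st.Timeout),
	}
	// stack mechanism similar to defer, but run after the exec process ends
	stack := newDeferedStack()
	client, err := ssh.Dial("tcp", addr, clientConfig)
	if err != nil {
		return nil, fmt.Errorf("cannot connect to SSH server %s: %w", addr, err)
	}
	// cleanup the ssh client after the operations have ended
	stack.Add(func() {
		if err := client.Close(); err != nil {
			ctx.Warnf("failed to close SSH client: %v", err)
		}
	})
	// closeClient releases the connection on the error paths below, where no
	// process exists yet to run the deferred stack.
	closeClient := func() {
		if cerr := client.Close(); cerr != nil {
			ctx.Warnf("failed to close SSH client: %v", cerr)
		}
	}
	if st.SendBinary {
		if err := checkBinary(bin); err != nil {
			closeClient()
			return nil, err
		}
		bin, err = st.sendFile(ctx, client, bin, 0500)
		if err != nil {
			closeClient()
			return nil, fmt.Errorf("cannot send binary to remote ssh: %w", err)
		}
		// cleanup the sent file so we don't leave hanging files around
		stack.Add(func() {
			ctx.Debugf("cleaning remote file: %s", bin)
			if err := st.unlinkFile(ctx, client, bin); err != nil {
				ctx.Warnf("failed to cleanup remote file: %v", err)
			}
		})
	}
	if st.Async != nil {
		return st.newAsync(ctx, client, addr, clientConfig, bin, args, stack)
	}
	return st.new(ctx, client, bin, args, stack)
}

// authMethods builds the SSH authentication methods from the config: the
// private key at IdentityFile (when set) followed by Password (when set).
// It returns an error when the identity file cannot be read or parsed.
func (st *SSHTransport) authMethods() ([]ssh.AuthMethod, error) {
	var auth []ssh.AuthMethod
	if st.IdentityFile != "" {
		key, err := ioutil.ReadFile(st.IdentityFile)
		if err != nil {
			return nil, fmt.Errorf("cannot read private key at %s: %w", st.IdentityFile, err)
		}
		signer, err := ssh.ParsePrivateKey(key)
		if err != nil {
			return nil, fmt.Errorf("cannot parse private key: %w", err)
		}
		auth = append(auth, ssh.PublicKeys(signer))
	}
	if st.Password != "" {
		auth = append(auth, ssh.Password(st.Password))
	}
	return auth, nil
}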
// new builds a synchronous Process that runs bin with args over client; stack
// carries the cleanups to run once the process has ended.
func (st *SSHTransport) new(ctx xcontext.Context, client *ssh.Client, bin string, args []string, stack *deferedStack) (Process, error) {
	proc, err := newSSHProcess(ctx, client, bin, args, stack)
	return proc, err
}
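// newAsync uploads the configured async agent to the remote host and returns
// an asynchronous Process that runs bin with args through it, bounded by
// Async.TimeQuota. The uploaded agent is removed by the deferred stack once
// the process ends. Must only be called when st.Async is non-nil.
//
// If newSSHProcessAsync fails, the agent already uploaded here is only
// removed if that constructor runs the stack on failure; this is not verified
// from this file.
func (st *SSHTransport) newAsync(
	ctx xcontext.Context,
	client *ssh.Client, addr string, clientConfig *ssh.ClientConfig,
	bin string, args []string,
	stack *deferedStack,
) (Process, error) {
	// we always need the agent for the async case
	agent, err := st.sendFile(ctx, client, st.Async.Agent, 0500)
	if err != nil {
		return nil, fmt.Errorf("failed to send agent: %w", err)
	}
	stack.Add(func() {
		ctx.Debugf("cleaning async agent: %s", agent)
		// %v rather than %w: Warnf is not fmt.Errorf, so %w would not render.
		if err := st.unlinkFile(ctx, client, agent); err != nil {
			ctx.Warnf("failed to cleanup async agent: %v", err)
		}
	})
	return newSSHProcessAsync(ctx, addr, clientConfig, agent, st.Async.TimeQuota, bin, args, stack)
}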
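// sendFile copies the local file bin to a freshly named path under /tmp on
// the remote host, sets its mode, and returns the remote path.
//
// The remote file is opened with O_EXCL so that anything already present at
// that path (a stale file, or a symlink planted by another user of /tmp) is
// neither truncated nor followed. On any failure after the remote file has
// been created it is removed on a best-effort basis, so a failed upload does
// not leave a partial copy of the binary on the host. Close is checked rather
// than deferred because a write error may only be reported at close time.
func (st *SSHTransport) sendFile(ctx xcontext.Context, client *ssh.Client, bin string, mode os.FileMode) (string, error) {
	sftpClient, err := sftp.NewClient(client)
	if err != nil {
		return "", fmt.Errorf("failed to create sftp client: %w", err)
	}
	defer sftpClient.Close()

	// Open the source first so a missing local file never creates a remote one.
	fin, err := os.Open(bin)
	if err != nil {
		return "", fmt.Errorf("cannot open source bin file: %w", err)
	}
	defer fin.Close()

	remoteBin := fmt.Sprintf("/tmp/exec_bin_%s", uuid.New().String())
	fout, err := sftpClient.OpenFile(remoteBin, os.O_WRONLY|os.O_CREATE|os.O_EXCL)
	if err != nil {
		return "", fmt.Errorf("failed to create sftp file: %w", err)
	}
	// removeRemote undoes the creation above when the upload does not complete.
	removeRemote := func() {
		if rerr := sftpClient.Remove(remoteBin); rerr != nil {
			ctx.Warnf("failed to remove partial remote file %s: %v", remoteBin, rerr)
		}
	}

	ctx.Debugf("sending file to remote: %s", remoteBin)
	if _, err := io.Copy(fout, fin); err != nil {
		fout.Close()
		removeRemote()
		return "", fmt.Errorf("failed to send file: %w", err)
	}
	if err := fout.Chmod(mode); err != nil {
		fout.Close()
		removeRemote()
		return "", fmt.Errorf("failed to set mode on remote file: %w", err)
	}
	if err := fout.Close(); err != nil {
		removeRemote()
		return "", fmt.Errorf("failed to close remote file: %w", err)
	}
	return remoteBin, nil
}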
// unlinkFile removes the remote path bin through a short-lived SFTP session
// opened on client. The session is closed before returning.
func (st *SSHTransport) unlinkFile(ctx xcontext.Context, client *ssh.Client, bin string) error {
	session, err := sftp.NewClient(client)
	if err != nil {
		return fmt.Errorf("failed to create sftp client: %w", err)
	}
	defer session.Close()
	removeErr := session.Remove(bin)
	return removeErr
}