works kinda?

tailscale · May 9, 2024 · 58589f7 · 58589f7
1 parent 5a0baa0
commit 58589f7
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 5 deletions.
diff --git a/ssh/tailssh/tailssh.go b/ssh/tailssh/tailssh.go
@@ -445,7 +445,8 @@ func (srv *server) newConn() (*conn, error) {
 	c := &conn{srv: srv}
 	now := srv.now()
 	c.connID = fmt.Sprintf("ssh-conn-%s-%02x", now.UTC().Format("20060102T150405"), randBytes(5))
-	fwdHandler := &ssh.ForwardedTCPHandler{}
+	fwdHandlerTCP := &ssh.ForwardedTCPHandler{}
+	fwdHandlerUnix := &ssh.ForwardedUnixHandler{}
 	c.Server = &ssh.Server{
 		Version:              "Tailscale",
 		ServerConfigCallback: c.ServerConfig,
@@ -470,10 +471,10 @@ func (srv *server) newConn() (*conn, error) {
 			"direct-streamlocal@openssh.com": ssh.DirectStreamLocalHandler,
 		},
 		RequestHandlers: map[string]ssh.RequestHandler{
-			"tcpip-forward":                          fwdHandler.HandleSSHRequest,
-			"cancel-tcpip-forward":                   fwdHandler.HandleSSHRequest,
-			"streamlocal-forward@openssh.com":        fwdHandler.HandleSSHRequest,
-			"cancel-streamlocal-forward@openssh.com": fwdHandler.HandleSSHRequest,
+			"tcpip-forward":                          fwdHandlerTCP.HandleSSHRequest,
+			"cancel-tcpip-forward":                   fwdHandlerTCP.HandleSSHRequest,
+			"streamlocal-forward@openssh.com":        fwdHandlerUnix.HandleSSHRequest,
+			"cancel-streamlocal-forward@openssh.com": fwdHandlerUnix.HandleSSHRequest,
 		},
 	}
 	ss := c.Server

diff --git a/tempfork/gliderlabs/ssh/streamlocal.go b/tempfork/gliderlabs/ssh/streamlocal.go
@@ -2,11 +2,14 @@ package ssh
 
 import (
 	"context"
+	"errors"
 	"fmt"
+	"io/fs"
 	"net"
 	"os"
 	"path/filepath"
 	"sync"
+	"syscall"
 
 	gossh "github.com/tailscale/golang-x-crypto/ssh"
 )
@@ -128,6 +131,17 @@ func (h *ForwardedUnixHandler) HandleSSHRequest(ctx Context, srv *Server, req *g
 			return false, nil
 		}
 
+		// TODO: properly cross-reference coders impl to ensure this is all working properly
+		// Remove existing socket if it exists. We do not use os.Remove() here
+		// so that directories are kept. Note that it's possible that we will
+		// overwrite a regular file here. Both of these behaviors match OpenSSH,
+		// however, which is why we unlink.
+		err = unlink(addr)
+		if err != nil && !errors.Is(err, fs.ErrNotExist) {
+			// TODO: log
+			return false, nil
+		}
+
 		ln, err := net.Listen("unix", addr)
 		if err != nil {
 			// TODO: log unix listen failure
@@ -202,3 +216,15 @@ func (h *ForwardedUnixHandler) HandleSSHRequest(ctx Context, srv *Server, req *g
 		return false, nil
 	}
 }
+
+		// unlink removes files and unlike os.Remove, directories are kept.
+		func unlink(path string) error {
+			// Ignore EINTR like os.Remove, see ignoringEINTR in os/file_posix.go
+			// for more details.
+			for {
+				err := syscall.Unlink(path)
+				if !errors.Is(err, syscall.EINTR) {
+					return err
+				}
+			}
+		}