fix(build): fix ssh auth sock validation (#6599)

Signed-off-by: Yaroslav Pershin <62902094+iapershin@users.noreply.github.com>

Author: iapershin

pkg/ssh_agent/ssh_agent.go

@@ -2,6 +2,7 @@ package ssh_agent
 
 import (
 	"context"
+	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -31,6 +32,11 @@ var (
 	tmpSockPath string
 )
 
+var (
+	ErrSocketPathTooLong = errors.New("system ssh-agent socket path length exceeds the limit")
+	ErrSocketPathEmpty   = errors.New("system ssh-agent socket path is empty")
+)
+
 func setupProcessSSHAgent(sshAuthSock string) error {
 	SSHAuthSock = sshAuthSock
 	return os.Setenv(SSHAuthSockEnv, SSHAuthSock)
@@ -134,8 +140,15 @@ func Init(ctx context.Context, userKeys []string) error {
 	}
 
 	systemAgentSock := os.Getenv(SSHAuthSockEnv)
-	systemAgentSockExists, _ := util.FileExists(systemAgentSock)
-	if systemAgentSock != "" && systemAgentSockExists {
+	validSystemAgentSock, err := validateAgentSock(systemAgentSock)
+	if err != nil {
+		if errors.Is(err, ErrSocketPathEmpty) {
+			logboek.Context(ctx).Debug().LogF("System ssh agent not found\n")
+		} else {
+			return err
+		}
+	}
+	if systemAgentSock != "" && validSystemAgentSock {
 		SSHAuthSock = systemAgentSock
 		logboek.Context(ctx).Info().LogF("Using system ssh-agent: %s\n", systemAgentSock)
 		return nil
@@ -198,18 +211,17 @@ func runSSHAgentWithKeys(ctx context.Context, keys []sshKey) (string, error) {
 }
 
 func runSSHAgent(ctx context.Context) (string, error) {
-	var sockPath string
-	// darwin does not support path more than 108 characters
-	if runtime.GOOS == "darwin" {
-		// TODO(iapershin): needs refactoring. since user can change tmpDir we want to prevent it from setting path more than 108 chars
-		sockPath = filepath.Join(os.TempDir(), "werf", "Listeners", uuid.NewString())
-	} else {
-		sockPath = filepath.Join(werf.GetTmpDir(), "werf-ssh-agent", uuid.NewString())
+	sockPath := filepath.Join(werf.GetTmpDir(), "werf-ssh-agent", uuid.NewString())
+	err := validateSockPathLength(sockPath)
+	if err != nil {
+		logboek.Context(ctx).Warn().LogF("WARNING: unable to use unix sock path %s: %s\n", sockPath, err)
+		sockPath = fallbackToDefaultUnix()
+		logboek.Context(ctx).Warn().LogF("WARNING: fallback to %s\n", sockPath)
 	}
 
 	tmpSockPath = sockPath
 
-	err := os.MkdirAll(filepath.Dir(sockPath), os.ModePerm)
+	err = os.MkdirAll(filepath.Dir(sockPath), os.ModePerm)
 	if err != nil {
 		return "", err
 	}
@@ -310,3 +322,53 @@ func parsePrivateSSHKey(cfg sshKeyConfig) (sshKey, error) {
 
 	return sshKey{Config: cfg, PrivateKey: privateKey}, nil
 }
+
+func validateAgentSock(sock string) (bool, error) {
+	if sock == "" {
+		return false, ErrSocketPathEmpty
+	}
+
+	err := validateSockPathLength(sock)
+	if err != nil {
+		return false, fmt.Errorf("unable to use system ssh sock '%s': %w", sock, err)
+	}
+
+	if runtime.GOOS != "windows" {
+		info, err := os.Stat(sock)
+		if err != nil {
+			return false, err
+		}
+
+		if info.Mode()&os.ModeSocket == 0 {
+			return false, fmt.Errorf("system ssh-agent socket `%s` is not a socket", sock)
+		}
+	}
+	conn, err := net.Dial("unix", sock)
+	if err != nil {
+		return false, fmt.Errorf("unable to connect to system ssh-agent socket %s: %w", sock, err)
+	}
+	defer conn.Close()
+
+	return true, nil
+}
+
+func getUnixSocketPathLimit() int {
+	switch runtime.GOOS {
+	case "darwin", "freebsd", "openbsd", "netbsd":
+		return 104
+	default:
+		return 108
+	}
+}
+
+func validateSockPathLength(sockPath string) error {
+	if len(sockPath) > getUnixSocketPathLimit() {
+		return ErrSocketPathTooLong
+	}
+	return nil
+}
+
+func fallbackToDefaultUnix() string {
+	// since user can change tmpDir we want to prevent it from setting path more than 104/108 chars
+	return filepath.Join(os.TempDir(), "werf-ssh-agent", uuid.NewString())
+}

pkg/ssh_agent/ssh_agent_test.go

@@ -0,0 +1,98 @@
+package ssh_agent
+
+import (
+	"context"
+	"os"
+	"runtime"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/werf/werf/v2/pkg/werf"
+)
+
+const (
+	longPath = "/tmp/werf-test-agent-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+)
+
+func TestLinuxFallback_with_SSHenv(t *testing.T) {
+	if os.Getenv(SSHAuthSockEnv) == "" {
+		t.Skip("Skipping test because SSH_AUTH_SOCK is not set")
+	}
+	ctx := context.Background()
+	err := runTest(ctx, t, false, false, func() {
+		valid, err := validateAgentSock(SSHAuthSock)
+		assert.NoError(t, err)
+		assert.True(t, valid)
+	})
+	assert.NoError(t, err)
+}
+
+func TestLinuxFallback_without_SSHenv_wildTmpPath(t *testing.T) {
+	ctx := context.Background()
+	err := runTest(ctx, t, false, false, func() {
+		if SSHAuthSock == "" {
+			return
+		}
+		valid, err := validateAgentSock(SSHAuthSock)
+		assert.NoError(t, err)
+		assert.True(t, valid)
+	})
+	assert.NoError(t, err)
+}
+
+func TestLinuxFallback_with_SSHenv_wildTmpPath(t *testing.T) {
+	if os.Getenv(SSHAuthSockEnv) == "" {
+		t.Skip("Skipping test because SSH_AUTH_SOCK is not set")
+	}
+	ctx := context.Background()
+	err := runTest(ctx, t, false, false, func() {
+		valid, err := validateAgentSock(SSHAuthSock)
+		assert.NoError(t, err)
+		assert.True(t, valid)
+	})
+	assert.NoError(t, err)
+}
+
+func TestLinuxFallback_withLongSSHenv(t *testing.T) {
+	ctx := context.Background()
+	os.Setenv(SSHAuthSockEnv, longPath)
+	err := runTest(ctx, t, false, false, func() {})
+	assert.Error(t, err)
+}
+
+func runTest(ctx context.Context, t *testing.T, unsetSSHenv, wildTmpPath bool, validationfunc func()) error {
+	if unsetSSHenv {
+		os.Unsetenv("SSH_AUTH_SOCK")
+	}
+	if runtime.GOOS != "linux" && runtime.GOOS != "darwin" {
+		t.Skip("Skipping test on non-linux OS")
+	}
+
+	home, _ := os.UserHomeDir()
+
+	testPath := "/tmp/werf-test-agent"
+	if wildTmpPath {
+		testPath = longPath
+	}
+
+	err := os.MkdirAll(testPath, os.ModePerm)
+	if err != nil {
+		return err
+	}
+	defer os.RemoveAll(testPath)
+
+	err = werf.Init(testPath, home)
+	if err != nil {
+		return err
+	}
+
+	err = Init(ctx, []string{})
+	if err != nil {
+		return err
+	}
+
+	validationfunc()
+
+	return nil
+}