sshpoke/internal/server/driver/ssh/driver.go

217 lines
5.4 KiB
Go
Raw Normal View History

2023-11-17 20:39:00 +03:00
package ssh
import (
"context"
"errors"
"fmt"
2023-11-18 21:23:29 +03:00
"net"
"path"
"regexp"
2023-11-18 21:23:29 +03:00
"strconv"
2023-11-17 20:39:00 +03:00
"sync"
"github.com/Neur0toxine/sshpoke/internal/config"
"github.com/Neur0toxine/sshpoke/internal/server/driver/base"
2023-11-18 21:23:29 +03:00
"github.com/Neur0toxine/sshpoke/internal/server/driver/ssh/sshtun"
"github.com/Neur0toxine/sshpoke/internal/server/driver/ssh/types"
2023-11-17 20:39:00 +03:00
"github.com/Neur0toxine/sshpoke/internal/server/driver/util"
"github.com/Neur0toxine/sshpoke/pkg/dto"
2023-11-18 21:51:44 +03:00
"github.com/Neur0toxine/sshpoke/pkg/proto/ssh"
2023-11-17 20:39:00 +03:00
)
var ErrAlreadyInUse = errors.New("domain is already in use")
2023-11-17 20:39:00 +03:00
type SSH struct {
base.Base
params Params
auth []ssh.AuthMethod
conns map[string]conn
rw sync.RWMutex
wg sync.WaitGroup
domainRegExp *regexp.Regexp
2023-11-17 20:39:00 +03:00
}
2023-11-18 21:23:29 +03:00
type conn struct {
ctx context.Context
cancel func()
tun *sshtun.Tunnel
}
func New(ctx context.Context, name string, params config.DriverParams) (base.Driver, error) {
drv := &SSH{
2023-11-18 21:23:29 +03:00
Base: base.New(ctx, name),
conns: make(map[string]conn),
}
2023-11-17 20:39:00 +03:00
if err := util.UnmarshalParams(params, &drv.params); err != nil {
return nil, err
}
matcher, err := makeDomainCatchRegExp(drv.params.DomainExtractRegex)
if err != nil {
return nil, fmt.Errorf("invalid domain_extract_regex: %w", err)
}
drv.domainRegExp = matcher
drv.populateFromSSHConfig()
2023-11-18 21:23:29 +03:00
drv.auth = drv.authenticators()
2023-11-17 20:39:00 +03:00
return drv, nil
}
func (d *SSH) forward(val sshtun.Forward, domainMatcher func(string)) conn {
tun := sshtun.New(d.params.Address,
d.params.Auth.User,
val,
d.auth,
sshtun.SessionConfig{
NoPTY: d.params.NoPTY,
2023-11-19 14:12:39 +03:00
Shell: d.params.Shell,
FakeRemoteHost: d.params.FakeRemoteHost,
KeepAliveInterval: uint(d.params.KeepAlive.Interval),
KeepAliveMax: uint(d.params.KeepAlive.MaxAttempts),
},
d.Log())
2023-11-18 21:23:29 +03:00
ctx, cancel := context.WithCancel(d.Context())
tunDbgLog := d.Log().With("ssh-output", val.Remote.String())
go tun.Connect(ctx,
sshtun.BannerDebugLogCallback(tunDbgLog),
sshtun.OutputReaderCallback(func(msg string) {
d.Log().Debug(msg)
if domainMatcher != nil {
domainMatcher(msg)
}
}))
2023-11-18 21:23:29 +03:00
return conn{ctx: ctx, cancel: cancel, tun: tun}
}
func (d *SSH) makeDomainMatcherFunc(containerID string) func(string) {
if d.domainRegExp == nil {
return nil
}
return func(msg string) {
domain := d.domainRegExp.FindString(msg)
if domain == "" {
return
}
d.PushEventStatus(dto.EventStatus{
Type: dto.EventStart,
ID: containerID,
Domain: domain,
})
}
}
func (d *SSH) populateFromSSHConfig() {
if d.params.Auth.Directory == "" {
return
}
cfg, err := parseSSHConfig(types.SmartPath(path.Join(string(d.params.Auth.Directory), "config")))
if err != nil {
return
}
if user, err := cfg.Get(d.params.Address, "User"); err == nil && user != "" {
d.params.Auth.User = user
}
if usePass, err := cfg.Get(d.params.Address, "PasswordAuthentication"); err == nil && usePass == "yes" {
d.params.Auth.Type = types.AuthTypePassword
}
if keyfile, err := cfg.Get(d.params.Address, "IdentityFile"); err == nil && keyfile != "" {
resolvedKeyFile, err := types.SmartPath(keyfile).Resolve(false)
if err == nil {
d.params.Auth.Type = types.AuthTypeKey
d.params.Auth.Keyfile = resolvedKeyFile
}
}
2023-11-17 20:39:00 +03:00
}
func (d *SSH) Handle(event dto.Event) error {
2023-11-18 21:23:29 +03:00
defer d.rw.Unlock()
d.rw.Lock()
switch event.Type {
case dto.EventStart:
if d.params.Mode == types.DomainModeSingle && len(d.conns) > 0 {
return ErrAlreadyInUse
}
2023-11-18 21:23:29 +03:00
conn := d.forward(sshtun.Forward{
Local: d.localEndpoint(event.Container.IP, event.Container.Port),
2023-11-18 21:23:29 +03:00
Remote: d.remoteEndpoint(event.Container.RemoteHost),
}, d.makeDomainMatcherFunc(event.Container.ID))
2023-11-18 21:23:29 +03:00
d.conns[event.Container.ID] = conn
d.wg.Add(1)
case dto.EventStop:
conn, found := d.conns[event.Container.ID]
if !found {
return nil
}
conn.cancel()
delete(d.conns, event.Container.ID)
d.propagateStop(event.Container.ID)
2023-11-18 21:23:29 +03:00
d.wg.Done()
case dto.EventShutdown:
for id, conn := range d.conns {
conn.cancel()
delete(d.conns, id)
d.propagateStop(id)
2023-11-18 21:23:29 +03:00
d.wg.Done()
}
}
return nil
}
func (d *SSH) propagateStop(containerID string) {
d.PushEventStatus(dto.EventStatus{Type: dto.EventStop, ID: containerID})
}
func (d *SSH) localEndpoint(ip net.IP, port uint16) sshtun.Endpoint {
return sshtun.AddrToEndpoint(net.JoinHostPort(ip.String(), strconv.Itoa(int(port))))
}
2023-11-18 21:23:29 +03:00
func (d *SSH) remoteEndpoint(remoteHost string) sshtun.Endpoint {
port := int(d.params.ForwardPort)
if port == 0 {
port = 80
}
return sshtun.Endpoint{
Host: remoteHost,
Port: port,
}
}
2023-11-17 20:39:00 +03:00
func (d *SSH) Driver() config.DriverType {
return config.DriverSSH
}
func (d *SSH) WaitForShutdown() {
2023-11-18 21:23:29 +03:00
go d.Handle(dto.Event{Type: dto.EventShutdown})
2023-11-17 20:39:00 +03:00
d.wg.Wait()
}
2023-11-18 17:51:04 +03:00
func (d *SSH) authenticators() []ssh.AuthMethod {
auth := d.authenticator()
if auth == nil {
return nil
}
2023-11-18 17:51:04 +03:00
return []ssh.AuthMethod{auth}
}
func (d *SSH) authenticator() ssh.AuthMethod {
switch d.params.Auth.Type {
case types.AuthTypePasswordless:
2023-11-18 21:23:29 +03:00
return sshtun.AuthPassword("")
2023-11-18 17:51:04 +03:00
case types.AuthTypePassword:
2023-11-18 21:23:29 +03:00
return sshtun.AuthPassword(d.params.Auth.Password)
2023-11-18 17:51:04 +03:00
case types.AuthTypeKey:
if d.params.Auth.Keyfile != "" {
2023-11-18 21:23:29 +03:00
keyAuth, err := sshtun.AuthKeyFile(
2023-11-18 17:51:04 +03:00
types.SmartPath(path.Join(d.params.Auth.Directory.String(), d.params.Auth.Keyfile)))
if err != nil {
return nil
}
return keyAuth
}
2023-11-18 21:23:29 +03:00
dirAuth, err := sshtun.AuthKeyDir(d.params.Auth.Directory)
if err != nil {
2023-11-18 17:51:04 +03:00
return nil
}
2023-11-18 17:51:04 +03:00
return dirAuth
}
return nil
}