sshportal/main.go

package main

import (
	"fmt"
	"log"
	"math"
	"math/rand"
	"net"
	"os"
	"path"
	"time"

	"github.com/gliderlabs/ssh"
	"github.com/jinzhu/gorm"
	_ "github.com/jinzhu/gorm/dialects/mysql"
	_ "github.com/jinzhu/gorm/dialects/sqlite"
	"github.com/urfave/cli"
)

var (
	// Version should be updated by hand at each release
	Version = "1.8.0+dev"
	// GitTag will be overwritten automatically by the build system
	GitTag string
	// GitSha will be overwritten automatically by the build system
	GitSha string
	// GitBranch will be overwritten automatically by the build system
	GitBranch string
)

func main() {
	rand.Seed(time.Now().UnixNano())

	app := cli.NewApp()
	app.Name = path.Base(os.Args[0])
	app.Author = "Manfred Touron"
	app.Version = Version + " (" + GitSha + ")"
	app.Email = "https://github.com/moul/sshportal"
	app.Commands = []cli.Command{
		{
			Name:  "server",
			Usage: "Start sshportal server",
			Action: func(c *cli.Context) error {
				if err := ensureLogDirectory(c.String("logs-location")); err != nil {
					return err
				}
				cfg, err := parseServeConfig(c)
				if err != nil {
					return err
				}
				return server(cfg)
			},
			Flags: []cli.Flag{
				cli.StringFlag{
					Name:   "bind-address, b",
					EnvVar: "SSHPORTAL_BIND",
					Value:  ":2222",
					Usage:  "SSH server bind address",
				},
				cli.StringFlag{
					Name:  "db-driver",
					Value: "sqlite3",
					Usage: "GORM driver (sqlite3)",
				},
				cli.StringFlag{
					Name:  "db-conn",
					Value: "./sshportal.db",
					Usage: "GORM connection string",
				},
				cli.BoolFlag{
					Name:  "debug, D",
					Usage: "Display debug information",
				},
				cli.StringFlag{
					Name:  "aes-key",
					Usage: "Encrypt sensitive data in database (length: 16, 24 or 32)",
				},
				cli.StringFlag{
					Name:  "logs-location",
					Value: "./log",
					Usage: "Store user session files",
				},
				cli.DurationFlag{
					Name:  "idle-timeout",
					Value: 0,
					Usage: "Duration before an inactive connection is timed out (0 to disable)",
				},
			},
		}, {
			Name:   "healthcheck",
			Action: func(c *cli.Context) error { return healthcheck(c.String("addr"), c.Bool("wait"), c.Bool("quiet")) },
			Flags: []cli.Flag{
				cli.StringFlag{
					Name:  "addr, a",
					Value: "localhost:2222",
					Usage: "sshportal server address",
				},
				cli.BoolFlag{
					Name:  "wait, w",
					Usage: "Loop indefinitely until sshportal is ready",
				},
				cli.BoolFlag{
					Name:  "quiet, q",
					Usage: "Do not print errors, if any",
				},
			},
		}, {
			Name:   "_test_server",
			Hidden: true,
			Action: testServer,
		},
	}
	if err := app.Run(os.Args); err != nil {
		log.Fatalf("error: %v", err)
	}
}

func server(c *configServe) (err error) {
	var db = (*gorm.DB)(nil)

	// try to setup the local DB
	if db, err = gorm.Open(c.dbDriver, c.dbURL); err != nil {
		return
	}
	defer func() {
		origErr := err
		err = db.Close()
		if origErr != nil {
			err = origErr
		}
	}()
	if err = db.DB().Ping(); err != nil {
		return
	}
	db.LogMode(c.debug)
	if err = dbInit(db); err != nil {
		return
	}

	// create TCP listening socket
	ln, err := net.Listen("tcp", c.bindAddr)
	if err != nil {
		return err
	}

	// configure server
	srv := &ssh.Server{
		Addr:           c.bindAddr,
		Handler:        shellHandler, // ssh.Server.Handler is the handler for the DefaultSessionHandler
		Version:        fmt.Sprintf("sshportal-%s", Version),
		ChannelHandler: channelHandler,
	}
	if c.idleTimeout != 0 {
		srv.IdleTimeout = c.idleTimeout
		// gliderlabs/ssh requires MaxTimeout to be non-zero if we want to use IdleTimeout.
		// So, set it to the max value, because we don't want a max timeout.
		srv.MaxTimeout = math.MaxInt64
	}

	for _, opt := range []ssh.Option{
		// custom PublicKeyAuth handler
		ssh.PublicKeyAuth(publicKeyAuthHandler(db, c)),
		ssh.PasswordAuth(passwordAuthHandler(db, c)),
		// retrieve sshportal SSH private key from database
		privateKeyFromDB(db, c.aesKey),
	} {
		if err := srv.SetOption(opt); err != nil {
			return err
		}
	}

	log.Printf("info: SSH Server accepting connections on %s", c.bindAddr)
	return srv.Serve(ln)
}
POC 2017-09-30 19:12:43 +08:00			`package main`

			`import (`
			`"fmt"`
			`"log"`
add timeout and flag 2018-11-16 02:38:18 +08:00			`"math"`
Set random seed properly 2017-11-14 08:29:25 +08:00			`"math/rand"`
Add Docker healthcheck helper 2018-01-01 17:41:21 +08:00			`"net"`
POC 2017-09-30 19:12:43 +08:00			`"os"`
			`"path"`
Set random seed properly 2017-11-14 08:29:25 +08:00			`"time"`
POC 2017-09-30 19:12:43 +08:00
			`"github.com/gliderlabs/ssh"`
Add database 2017-10-30 23:48:14 +08:00			`"github.com/jinzhu/gorm"`
Add --debug options + mysql driver 2017-10-31 00:12:04 +08:00			`_ "github.com/jinzhu/gorm/dialects/mysql"`
Add database 2017-10-30 23:48:14 +08:00			`_ "github.com/jinzhu/gorm/dialects/sqlite"`
POC 2017-09-30 19:12:43 +08:00			`"github.com/urfave/cli"`
			`)`

Use dynamic version 2017-11-14 07:38:23 +08:00			`var (`
Lint code + fix tests 2017-12-04 01:18:17 +08:00			`// Version should be updated by hand at each release`
Post-release version bump 2018-04-03 04:30:19 +08:00			`Version = "1.8.0+dev"`
Lint code + fix tests 2017-12-04 01:18:17 +08:00			`// GitTag will be overwritten automatically by the build system`
			`GitTag string`
			`// GitSha will be overwritten automatically by the build system`
			`GitSha string`
			`// GitBranch will be overwritten automatically by the build system`
			`GitBranch string`
Use dynamic version 2017-11-14 07:38:23 +08:00			`)`
Add 'version' command 2017-11-02 05:09:08 +08:00
POC 2017-09-30 19:12:43 +08:00			`func main() {`
Set random seed properly 2017-11-14 08:29:25 +08:00			`rand.Seed(time.Now().UnixNano())`

POC 2017-09-30 19:12:43 +08:00			`app := cli.NewApp()`
			`app.Name = path.Base(os.Args[0])`
			`app.Author = "Manfred Touron"`
Lint code + fix tests 2017-12-04 01:18:17 +08:00			`app.Version = Version + " (" + GitSha + ")"`
POC 2017-09-30 19:12:43 +08:00			`app.Email = "https://github.com/moul/sshportal"`
Use `sshportal server` instead of `sshportal` to start a new server 2017-12-31 23:31:25 +08:00			`app.Commands = []cli.Command{`
			`{`
main: remove globalContext, and move some functions outside of the main 2018-01-07 02:46:00 +08:00			`Name: "server",`
			`Usage: "Start sshportal server",`
			`Action: func(c *cli.Context) error {`
			`if err := ensureLogDirectory(c.String("logs-location")); err != nil {`
			`return err`
			`}`
			`cfg, err := parseServeConfig(c)`
			`if err != nil {`
			`return err`
			`}`
			`return server(cfg)`
			`},`
Use `sshportal server` instead of `sshportal` to start a new server 2017-12-31 23:31:25 +08:00			`Flags: []cli.Flag{`
			`cli.StringFlag{`
			`Name: "bind-address, b",`
			`EnvVar: "SSHPORTAL_BIND",`
			`Value: ":2222",`
			`Usage: "SSH server bind address",`
			`},`
			`cli.StringFlag{`
			`Name: "db-driver",`
			`Value: "sqlite3",`
			`Usage: "GORM driver (sqlite3)",`
			`},`
			`cli.StringFlag{`
			`Name: "db-conn",`
			`Value: "./sshportal.db",`
			`Usage: "GORM connection string",`
			`},`
			`cli.BoolFlag{`
			`Name: "debug, D",`
			`Usage: "Display debug information",`
			`},`
			`cli.StringFlag{`
			`Name: "aes-key",`
			`Usage: "Encrypt sensitive data in database (length: 16, 24 or 32)",`
			`},`
add audit feature. 2018-01-02 23:31:34 +08:00			`cli.StringFlag{`
Small fixes 2018-01-05 18:02:13 +08:00			`Name: "logs-location",`
fix log location 2018-01-04 18:49:24 +08:00			`Value: "./log",`
add audit feature. 2018-01-02 23:31:34 +08:00			`Usage: "Store user session files",`
			`},`
add timeout and flag 2018-11-16 02:38:18 +08:00			`cli.DurationFlag{`
			`Name: "idle-timeout",`
			`Value: 0,`
			`Usage: "Duration before an inactive connection is timed out (0 to disable)",`
			`},`
Use `sshportal server` instead of `sshportal` to start a new server 2017-12-31 23:31:25 +08:00			`},`
Add Docker healthcheck helper 2018-01-01 17:41:21 +08:00			`}, {`
			`Name: "healthcheck",`
main: remove globalContext, and move some functions outside of the main 2018-01-07 02:46:00 +08:00			`Action: func(c *cli.Context) error { return healthcheck(c.String("addr"), c.Bool("wait"), c.Bool("quiet")) },`
Add Docker healthcheck helper 2018-01-01 17:41:21 +08:00			`Flags: []cli.Flag{`
			`cli.StringFlag{`
			`Name: "addr, a",`
			`Value: "localhost:2222",`
Add healthcheck --wait and --quiet options 2018-01-01 17:54:58 +08:00			`Usage: "sshportal server address",`
			`},`
			`cli.BoolFlag{`
			`Name: "wait, w",`
			`Usage: "Loop indefinitely until sshportal is ready",`
			`},`
			`cli.BoolFlag{`
			`Name: "quiet, q",`
			`Usage: "Do not print errors, if any",`
Add Docker healthcheck helper 2018-01-01 17:41:21 +08:00			`},`
			`},`
Add '_test_server' hidden handler 2018-01-02 17:57:18 +08:00			`}, {`
			`Name: "_test_server",`
			`Hidden: true,`
			`Action: testServer,`
Add option to encrypt sensitive data 2017-11-24 21:29:41 +08:00			`},`
POC 2017-09-30 19:12:43 +08:00			`}`
Return a better message when running without the demo mode 2017-11-02 17:32:35 +08:00			`if err := app.Run(os.Args); err != nil {`
			`log.Fatalf("error: %v", err)`
			`}`
POC 2017-09-30 19:12:43 +08:00			`}`

main: remove globalContext, and move some functions outside of the main 2018-01-07 02:46:00 +08:00			`func server(c *configServe) (err error) {`
			`var db = (*gorm.DB)(nil)`

			`// try to setup the local DB`
			`if db, err = gorm.Open(c.dbDriver, c.dbURL); err != nil {`
			`return`
Add database 2017-10-30 23:48:14 +08:00			`}`
Lint code + fix tests 2017-12-04 01:18:17 +08:00			`defer func() {`
main: remove globalContext, and move some functions outside of the main 2018-01-07 02:46:00 +08:00			`origErr := err`
			`err = db.Close()`
			`if origErr != nil {`
			`err = origErr`
Lint code + fix tests 2017-12-04 01:18:17 +08:00			`}`
			`}()`
Use a database migration system 2017-11-19 08:18:17 +08:00			`if err = db.DB().Ping(); err != nil {`
main: remove globalContext, and move some functions outside of the main 2018-01-07 02:46:00 +08:00			`return`
Add --debug options + mysql driver 2017-10-31 00:12:04 +08:00			`}`
main: remove globalContext, and move some functions outside of the main 2018-01-07 02:46:00 +08:00			`db.LogMode(c.debug)`
Refactor sshportal: create a custom bastion session handler 2017-12-28 05:43:21 +08:00			`if err = dbInit(db); err != nil {`
main: remove globalContext, and move some functions outside of the main 2018-01-07 02:46:00 +08:00			`return`
add log directory creation if it does not exist. 2018-01-04 20:41:14 +08:00			`}`
Small fixes 2018-01-05 18:02:13 +08:00
Refactor bastion handler to forward every requests properly 2017-12-31 17:38:33 +08:00			`// create TCP listening socket`
main: remove globalContext, and move some functions outside of the main 2018-01-07 02:46:00 +08:00			`ln, err := net.Listen("tcp", c.bindAddr)`
Refactor sshportal: create a custom bastion session handler 2017-12-28 05:43:21 +08:00			`if err != nil {`
			`return err`
			`}`
Refactor bastion handler to forward every requests properly 2017-12-31 17:38:33 +08:00
			`// configure server`
			`srv := &ssh.Server{`
main: remove globalContext, and move some functions outside of the main 2018-01-07 02:46:00 +08:00			`Addr: c.bindAddr,`
Refactor bastion handler to forward every requests properly 2017-12-31 17:38:33 +08:00			`Handler: shellHandler, // ssh.Server.Handler is the handler for the DefaultSessionHandler`
			`Version: fmt.Sprintf("sshportal-%s", Version),`
			`ChannelHandler: channelHandler,`
			`}`
add timeout and flag 2018-11-16 02:38:18 +08:00			`if c.idleTimeout != 0 {`
			`srv.IdleTimeout = c.idleTimeout`
			`// gliderlabs/ssh requires MaxTimeout to be non-zero if we want to use IdleTimeout.`
			`// So, set it to the max value, because we don't want a max timeout.`
			`srv.MaxTimeout = math.MaxInt64`
			`}`
main: remove globalContext, and move some functions outside of the main 2018-01-07 02:46:00 +08:00
			`for _, opt := range []ssh.Option{`
			`// custom PublicKeyAuth handler`
			`ssh.PublicKeyAuth(publicKeyAuthHandler(db, c)),`
			`ssh.PasswordAuth(passwordAuthHandler(db, c)),`
			`// retrieve sshportal SSH private key from database`
			`privateKeyFromDB(db, c.aesKey),`
			`} {`
Refactor sshportal: create a custom bastion session handler 2017-12-28 05:43:21 +08:00			`if err := srv.SetOption(opt); err != nil {`
			`return err`
			`}`
			`}`

main: remove globalContext, and move some functions outside of the main 2018-01-07 02:46:00 +08:00			`log.Printf("info: SSH Server accepting connections on %s", c.bindAddr)`
Refactor sshportal: create a custom bastion session handler 2017-12-28 05:43:21 +08:00			`return srv.Serve(ln)`
POC 2017-09-30 19:12:43 +08:00			`}`