mirror of
				https://github.com/moul/sshportal.git
				synced 2025-10-25 21:46:30 +08:00 
			
		
		
		
	Refactor gliderlabs/ssh to support custom handlers
This commit is contained in:
		
							parent
							
								
									ee29310ed3
								
							
						
					
					
						commit
						4125bc2768
					
				
					 5 changed files with 31 additions and 25 deletions
				
			
		
							
								
								
									
										6
									
								
								vendor/github.com/gliderlabs/ssh/agent.go
									
										
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										6
									
								
								vendor/github.com/gliderlabs/ssh/agent.go
									
										
									
										generated
									
									
										vendored
									
									
								
							|  | @ -22,8 +22,10 @@ const ( | |||
| // client requested agent forwarding | ||||
| var contextKeyAgentRequest = &contextKey{"auth-agent-req"} | ||||
| 
 | ||||
| func setAgentRequested(sess *session) { | ||||
| 	sess.ctx.SetValue(contextKeyAgentRequest, true) | ||||
| // SetAgentRequested sets up the session context so that AgentRequested | ||||
| // returns true. | ||||
| func SetAgentRequested(ctx Context) { | ||||
| 	ctx.SetValue(contextKeyAgentRequest, true) | ||||
| } | ||||
| 
 | ||||
| // AgentRequested returns true if the client requested agent forwarding. | ||||
|  |  | |||
							
								
								
									
										2
									
								
								vendor/github.com/gliderlabs/ssh/context.go
									
										
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								vendor/github.com/gliderlabs/ssh/context.go
									
										
									
										generated
									
									
										vendored
									
									
								
							|  | @ -103,7 +103,7 @@ func newContext(srv *Server) (*sshContext, context.CancelFunc) { | |||
| 
 | ||||
| // this is separate from newContext because we will get ConnMetadata | ||||
| // at different points so it needs to be applied separately | ||||
| func (ctx *sshContext) applyConnMetadata(conn gossh.ConnMetadata) { | ||||
| func applyConnMetadata(ctx Context, conn gossh.ConnMetadata) { | ||||
| 	if ctx.Value(ContextKeySessionID) != nil { | ||||
| 		return | ||||
| 	} | ||||
|  |  | |||
							
								
								
									
										38
									
								
								vendor/github.com/gliderlabs/ssh/server.go
									
										
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										38
									
								
								vendor/github.com/gliderlabs/ssh/server.go
									
										
									
										generated
									
									
										vendored
									
									
								
							|  | @ -26,6 +26,7 @@ type Server struct { | |||
| 
 | ||||
| 	PasswordHandler             PasswordHandler             // password authentication handler | ||||
| 	PublicKeyHandler            PublicKeyHandler            // public key authentication handler | ||||
| 	ChannelHandler              ChannelHandler              // channel handler | ||||
| 	PtyCallback                 PtyCallback                 // callback for allowing PTY sessions, allows all if nil | ||||
| 	ConnCallback                ConnCallback                // optional callback for wrapping net.Conn before handling | ||||
| 	LocalPortForwardingCallback LocalPortForwardingCallback // callback for allowing local port forwarding, denies all if nil | ||||
|  | @ -33,16 +34,13 @@ type Server struct { | |||
| 	IdleTimeout time.Duration // connection timeout when no activity, none if empty | ||||
| 	MaxTimeout  time.Duration // absolute connection timeout, none if empty | ||||
| 
 | ||||
| 	channelHandlers map[string]channelHandler | ||||
| 
 | ||||
| 	mu        sync.Mutex | ||||
| 	listeners map[net.Listener]struct{} | ||||
| 	conns     map[*gossh.ServerConn]struct{} | ||||
| 	doneChan  chan struct{} | ||||
| } | ||||
| 
 | ||||
| // internal for now | ||||
| type channelHandler func(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx *sshContext) | ||||
| type ChannelHandler func(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx Context) | ||||
| 
 | ||||
| func (srv *Server) ensureHostSigner() error { | ||||
| 	if len(srv.HostSigners) == 0 { | ||||
|  | @ -55,11 +53,7 @@ func (srv *Server) ensureHostSigner() error { | |||
| 	return nil | ||||
| } | ||||
| 
 | ||||
| func (srv *Server) config(ctx *sshContext) *gossh.ServerConfig { | ||||
| 	srv.channelHandlers = map[string]channelHandler{ | ||||
| 		"session":      sessionHandler, | ||||
| 		"direct-tcpip": directTcpipHandler, | ||||
| 	} | ||||
| func (srv *Server) config(ctx Context) *gossh.ServerConfig { | ||||
| 	config := &gossh.ServerConfig{} | ||||
| 	for _, signer := range srv.HostSigners { | ||||
| 		config.AddHostKey(signer) | ||||
|  | @ -72,7 +66,7 @@ func (srv *Server) config(ctx *sshContext) *gossh.ServerConfig { | |||
| 	} | ||||
| 	if srv.PasswordHandler != nil { | ||||
| 		config.PasswordCallback = func(conn gossh.ConnMetadata, password []byte) (*gossh.Permissions, error) { | ||||
| 			ctx.applyConnMetadata(conn) | ||||
| 			applyConnMetadata(ctx, conn) | ||||
| 			if ok := srv.PasswordHandler(ctx, string(password)); !ok { | ||||
| 				return ctx.Permissions().Permissions, fmt.Errorf("permission denied") | ||||
| 			} | ||||
|  | @ -81,7 +75,7 @@ func (srv *Server) config(ctx *sshContext) *gossh.ServerConfig { | |||
| 	} | ||||
| 	if srv.PublicKeyHandler != nil { | ||||
| 		config.PublicKeyCallback = func(conn gossh.ConnMetadata, key gossh.PublicKey) (*gossh.Permissions, error) { | ||||
| 			ctx.applyConnMetadata(conn) | ||||
| 			applyConnMetadata(ctx, conn) | ||||
| 			if ok := srv.PublicKeyHandler(ctx, key); !ok { | ||||
| 				return ctx.Permissions().Permissions, fmt.Errorf("permission denied") | ||||
| 			} | ||||
|  | @ -223,15 +217,25 @@ func (srv *Server) handleConn(newConn net.Conn) { | |||
| 	defer srv.trackConn(sshConn, false) | ||||
| 
 | ||||
| 	ctx.SetValue(ContextKeyConn, sshConn) | ||||
| 	ctx.applyConnMetadata(sshConn) | ||||
| 	applyConnMetadata(ctx, sshConn) | ||||
| 	go gossh.DiscardRequests(reqs) | ||||
| 	for ch := range chans { | ||||
| 		handler, found := srv.channelHandlers[ch.ChannelType()] | ||||
| 		if !found { | ||||
| 			ch.Reject(gossh.UnknownChannelType, "unsupported channel type") | ||||
| 			continue | ||||
| 		if srv.ChannelHandler == nil { | ||||
| 			DefaultChannelHandler(srv, sshConn, ch, ctx) | ||||
| 		} else { | ||||
| 			srv.ChannelHandler(srv, sshConn, ch, ctx) | ||||
| 		} | ||||
| 		go handler(srv, sshConn, ch, ctx) | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
| func DefaultChannelHandler(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx Context) { | ||||
| 	switch newChan.ChannelType() { | ||||
| 	case "session": | ||||
| 		go sessionHandler(srv, conn, newChan, ctx) | ||||
| 	case "direct-tcpip": | ||||
| 		go directTcpipHandler(srv, conn, newChan, ctx) | ||||
| 	default: | ||||
| 		newChan.Reject(gossh.UnknownChannelType, "unsupported channel type") | ||||
| 	} | ||||
| } | ||||
| 
 | ||||
|  |  | |||
							
								
								
									
										8
									
								
								vendor/github.com/gliderlabs/ssh/session.go
									
										
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										8
									
								
								vendor/github.com/gliderlabs/ssh/session.go
									
										
									
										generated
									
									
										vendored
									
									
								
							|  | @ -77,7 +77,7 @@ type Session interface { | |||
| // when there is no signal channel specified | ||||
| const maxSigBufSize = 128 | ||||
| 
 | ||||
| func sessionHandler(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx *sshContext) { | ||||
| func sessionHandler(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx Context) { | ||||
| 	ch, reqs, err := newChan.Accept() | ||||
| 	if err != nil { | ||||
| 		// TODO: trigger event callback | ||||
|  | @ -105,7 +105,7 @@ type session struct { | |||
| 	env     []string | ||||
| 	ptyCb   PtyCallback | ||||
| 	cmd     []string | ||||
| 	ctx     *sshContext | ||||
| 	ctx     Context | ||||
| 	sigCh   chan<- Signal | ||||
| 	sigBuf  []Signal | ||||
| } | ||||
|  | @ -142,7 +142,7 @@ func (sess *session) Permissions() Permissions { | |||
| } | ||||
| 
 | ||||
| func (sess *session) Context() context.Context { | ||||
| 	return sess.ctx.Context | ||||
| 	return sess.ctx | ||||
| } | ||||
| 
 | ||||
| func (sess *session) Exit(code int) error { | ||||
|  | @ -278,7 +278,7 @@ func (sess *session) handleRequests(reqs <-chan *gossh.Request) { | |||
| 			req.Reply(ok, nil) | ||||
| 		case agentRequestType: | ||||
| 			// TODO: option/callback to allow agent forwarding | ||||
| 			setAgentRequested(sess) | ||||
| 			SetAgentRequested(sess.ctx) | ||||
| 			req.Reply(true, nil) | ||||
| 		default: | ||||
| 			// TODO: debug log | ||||
|  |  | |||
							
								
								
									
										2
									
								
								vendor/github.com/gliderlabs/ssh/tcpip.go
									
										
									
										generated
									
									
										vendored
									
									
								
							
							
						
						
									
										2
									
								
								vendor/github.com/gliderlabs/ssh/tcpip.go
									
										
									
										generated
									
									
										vendored
									
									
								
							|  | @ -17,7 +17,7 @@ type forwardData struct { | |||
| 	OriginatorPort uint32 | ||||
| } | ||||
| 
 | ||||
| func directTcpipHandler(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx *sshContext) { | ||||
| func directTcpipHandler(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx Context) { | ||||
| 	d := forwardData{} | ||||
| 	if err := gossh.Unmarshal(newChan.ExtraData(), &d); err != nil { | ||||
| 		newChan.Reject(gossh.ConnectionFailed, "error parsing forward data: "+err.Error()) | ||||
|  |  | |||
		Loading…
	
	Add table
		
		Reference in a new issue