mirror of
https://github.com/moul/sshportal.git
synced 2024-09-20 15:06:07 +08:00
Refactor gliderlabs/ssh to support custom handlers
This commit is contained in:
parent
ee29310ed3
commit
4125bc2768
6
vendor/github.com/gliderlabs/ssh/agent.go
generated
vendored
6
vendor/github.com/gliderlabs/ssh/agent.go
generated
vendored
|
@ -22,8 +22,10 @@ const (
|
|||
// client requested agent forwarding
|
||||
var contextKeyAgentRequest = &contextKey{"auth-agent-req"}
|
||||
|
||||
func setAgentRequested(sess *session) {
|
||||
sess.ctx.SetValue(contextKeyAgentRequest, true)
|
||||
// SetAgentRequested sets up the session context so that AgentRequested
|
||||
// returns true.
|
||||
func SetAgentRequested(ctx Context) {
|
||||
ctx.SetValue(contextKeyAgentRequest, true)
|
||||
}
|
||||
|
||||
// AgentRequested returns true if the client requested agent forwarding.
|
||||
|
|
2
vendor/github.com/gliderlabs/ssh/context.go
generated
vendored
2
vendor/github.com/gliderlabs/ssh/context.go
generated
vendored
|
@ -103,7 +103,7 @@ func newContext(srv *Server) (*sshContext, context.CancelFunc) {
|
|||
|
||||
// this is separate from newContext because we will get ConnMetadata
|
||||
// at different points so it needs to be applied separately
|
||||
func (ctx *sshContext) applyConnMetadata(conn gossh.ConnMetadata) {
|
||||
func applyConnMetadata(ctx Context, conn gossh.ConnMetadata) {
|
||||
if ctx.Value(ContextKeySessionID) != nil {
|
||||
return
|
||||
}
|
||||
|
|
38
vendor/github.com/gliderlabs/ssh/server.go
generated
vendored
38
vendor/github.com/gliderlabs/ssh/server.go
generated
vendored
|
@ -26,6 +26,7 @@ type Server struct {
|
|||
|
||||
PasswordHandler PasswordHandler // password authentication handler
|
||||
PublicKeyHandler PublicKeyHandler // public key authentication handler
|
||||
ChannelHandler ChannelHandler // channel handler
|
||||
PtyCallback PtyCallback // callback for allowing PTY sessions, allows all if nil
|
||||
ConnCallback ConnCallback // optional callback for wrapping net.Conn before handling
|
||||
LocalPortForwardingCallback LocalPortForwardingCallback // callback for allowing local port forwarding, denies all if nil
|
||||
|
@ -33,16 +34,13 @@ type Server struct {
|
|||
IdleTimeout time.Duration // connection timeout when no activity, none if empty
|
||||
MaxTimeout time.Duration // absolute connection timeout, none if empty
|
||||
|
||||
channelHandlers map[string]channelHandler
|
||||
|
||||
mu sync.Mutex
|
||||
listeners map[net.Listener]struct{}
|
||||
conns map[*gossh.ServerConn]struct{}
|
||||
doneChan chan struct{}
|
||||
}
|
||||
|
||||
// internal for now
|
||||
type channelHandler func(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx *sshContext)
|
||||
type ChannelHandler func(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx Context)
|
||||
|
||||
func (srv *Server) ensureHostSigner() error {
|
||||
if len(srv.HostSigners) == 0 {
|
||||
|
@ -55,11 +53,7 @@ func (srv *Server) ensureHostSigner() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (srv *Server) config(ctx *sshContext) *gossh.ServerConfig {
|
||||
srv.channelHandlers = map[string]channelHandler{
|
||||
"session": sessionHandler,
|
||||
"direct-tcpip": directTcpipHandler,
|
||||
}
|
||||
func (srv *Server) config(ctx Context) *gossh.ServerConfig {
|
||||
config := &gossh.ServerConfig{}
|
||||
for _, signer := range srv.HostSigners {
|
||||
config.AddHostKey(signer)
|
||||
|
@ -72,7 +66,7 @@ func (srv *Server) config(ctx *sshContext) *gossh.ServerConfig {
|
|||
}
|
||||
if srv.PasswordHandler != nil {
|
||||
config.PasswordCallback = func(conn gossh.ConnMetadata, password []byte) (*gossh.Permissions, error) {
|
||||
ctx.applyConnMetadata(conn)
|
||||
applyConnMetadata(ctx, conn)
|
||||
if ok := srv.PasswordHandler(ctx, string(password)); !ok {
|
||||
return ctx.Permissions().Permissions, fmt.Errorf("permission denied")
|
||||
}
|
||||
|
@ -81,7 +75,7 @@ func (srv *Server) config(ctx *sshContext) *gossh.ServerConfig {
|
|||
}
|
||||
if srv.PublicKeyHandler != nil {
|
||||
config.PublicKeyCallback = func(conn gossh.ConnMetadata, key gossh.PublicKey) (*gossh.Permissions, error) {
|
||||
ctx.applyConnMetadata(conn)
|
||||
applyConnMetadata(ctx, conn)
|
||||
if ok := srv.PublicKeyHandler(ctx, key); !ok {
|
||||
return ctx.Permissions().Permissions, fmt.Errorf("permission denied")
|
||||
}
|
||||
|
@ -223,15 +217,25 @@ func (srv *Server) handleConn(newConn net.Conn) {
|
|||
defer srv.trackConn(sshConn, false)
|
||||
|
||||
ctx.SetValue(ContextKeyConn, sshConn)
|
||||
ctx.applyConnMetadata(sshConn)
|
||||
applyConnMetadata(ctx, sshConn)
|
||||
go gossh.DiscardRequests(reqs)
|
||||
for ch := range chans {
|
||||
handler, found := srv.channelHandlers[ch.ChannelType()]
|
||||
if !found {
|
||||
ch.Reject(gossh.UnknownChannelType, "unsupported channel type")
|
||||
continue
|
||||
if srv.ChannelHandler == nil {
|
||||
DefaultChannelHandler(srv, sshConn, ch, ctx)
|
||||
} else {
|
||||
srv.ChannelHandler(srv, sshConn, ch, ctx)
|
||||
}
|
||||
go handler(srv, sshConn, ch, ctx)
|
||||
}
|
||||
}
|
||||
|
||||
func DefaultChannelHandler(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx Context) {
|
||||
switch newChan.ChannelType() {
|
||||
case "session":
|
||||
go sessionHandler(srv, conn, newChan, ctx)
|
||||
case "direct-tcpip":
|
||||
go directTcpipHandler(srv, conn, newChan, ctx)
|
||||
default:
|
||||
newChan.Reject(gossh.UnknownChannelType, "unsupported channel type")
|
||||
}
|
||||
}
|
||||
|
||||
|
|
8
vendor/github.com/gliderlabs/ssh/session.go
generated
vendored
8
vendor/github.com/gliderlabs/ssh/session.go
generated
vendored
|
@ -77,7 +77,7 @@ type Session interface {
|
|||
// when there is no signal channel specified
|
||||
const maxSigBufSize = 128
|
||||
|
||||
func sessionHandler(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx *sshContext) {
|
||||
func sessionHandler(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx Context) {
|
||||
ch, reqs, err := newChan.Accept()
|
||||
if err != nil {
|
||||
// TODO: trigger event callback
|
||||
|
@ -105,7 +105,7 @@ type session struct {
|
|||
env []string
|
||||
ptyCb PtyCallback
|
||||
cmd []string
|
||||
ctx *sshContext
|
||||
ctx Context
|
||||
sigCh chan<- Signal
|
||||
sigBuf []Signal
|
||||
}
|
||||
|
@ -142,7 +142,7 @@ func (sess *session) Permissions() Permissions {
|
|||
}
|
||||
|
||||
func (sess *session) Context() context.Context {
|
||||
return sess.ctx.Context
|
||||
return sess.ctx
|
||||
}
|
||||
|
||||
func (sess *session) Exit(code int) error {
|
||||
|
@ -278,7 +278,7 @@ func (sess *session) handleRequests(reqs <-chan *gossh.Request) {
|
|||
req.Reply(ok, nil)
|
||||
case agentRequestType:
|
||||
// TODO: option/callback to allow agent forwarding
|
||||
setAgentRequested(sess)
|
||||
SetAgentRequested(sess.ctx)
|
||||
req.Reply(true, nil)
|
||||
default:
|
||||
// TODO: debug log
|
||||
|
|
2
vendor/github.com/gliderlabs/ssh/tcpip.go
generated
vendored
2
vendor/github.com/gliderlabs/ssh/tcpip.go
generated
vendored
|
@ -17,7 +17,7 @@ type forwardData struct {
|
|||
OriginatorPort uint32
|
||||
}
|
||||
|
||||
func directTcpipHandler(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx *sshContext) {
|
||||
func directTcpipHandler(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx Context) {
|
||||
d := forwardData{}
|
||||
if err := gossh.Unmarshal(newChan.ExtraData(), &d); err != nil {
|
||||
newChan.Reject(gossh.ConnectionFailed, "error parsing forward data: "+err.Error())
|
||||
|
|
Loading…
Reference in a new issue