warp-tech/warpgate
1
1
Fork 0
mirror of https://github.com/warp-tech/warpgate.git synced 2024-09-20 06:46:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

updated russh to 0.43 (#970)

Browse source
This commit is contained in:
Eugene 2024-03-24 11:04:21 +01:00 committed by GitHub
parent 81cefebe96
commit 21e0008695
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 1370 additions and 1082 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2232
Cargo.lock generated
View file

File diff suppressed because it is too large Load diff

4
warpgate-admin/Cargo.toml
View file

@ -24,9 +24,9 @@ poem-openapi = { version = "2.0", features = [
"uuid", "uuid",
"static-files", "static-files",
] } ] }
russh-keys = { version = "0.42.0", features = ["openssl"] } russh-keys = { version = "0.43.0", features = ["openssl"] }
# russh-keys = { version = "0.23.0-beta.1", features = ["openssl"], path = "../../russh/russh-keys" } # russh-keys = { version = "0.23.0-beta.1", features = ["openssl"], path = "../../russh/russh-keys" }
rust-embed = "6.3" rust-embed = "8.3"
sea-orm = { version = "0.12.2", features = [ sea-orm = { version = "0.12.2", features = [
"runtime-tokio-native-tls", "runtime-tokio-native-tls",
"macros", "macros",

6
warpgate-protocol-ssh/Cargo.toml
View file

@ -11,10 +11,12 @@ async-trait = "0.1"
bimap = "0.6" bimap = "0.6"
bytes = "1.3" bytes = "1.3"
dialoguer = "0.10" dialoguer = "0.10"
curve25519-dalek = "4.0.0" # pin due to build fail on x86
ed25519-dalek = "2.0.0" # pin due to build fail on x86 in 2.1
futures = "0.3" futures = "0.3"
russh = { version = "0.42.0", features = ["vendored-openssl"] } russh = { version = "0.43.0", features = ["vendored-openssl"] }
# russh = { version = "0.35.0-beta.6", features = ["vendored-openssl"], path = "../../russh/russh"} # russh = { version = "0.35.0-beta.6", features = ["vendored-openssl"], path = "../../russh/russh"}
russh-keys = { version = "0.42.0", features = ["vendored-openssl"] } russh-keys = { version = "0.43.0", features = ["vendored-openssl"] }
# russh-keys = { version = "0.23.0-beta.1", features = ["vendored-openssl"], path = "../../russh/russh-keys" } # russh-keys = { version = "0.23.0-beta.1", features = ["vendored-openssl"], path = "../../russh/russh-keys" }
sea-orm = { version = "0.12.2", features = [ sea-orm = { version = "0.12.2", features = [
"runtime-tokio-native-tls", "runtime-tokio-native-tls",

26
warpgate-protocol-ssh/src/client/handler.rs
View file

@ -45,9 +45,9 @@ impl russh::client::Handler for ClientHandler {
type Error = ClientHandlerError; type Error = ClientHandlerError;
async fn check_server_key( async fn check_server_key(
self, &mut self,
server_public_key: &PublicKey, server_public_key: &PublicKey,
) -> Result<(Self, bool), Self::Error> { ) -> Result<bool, Self::Error> {
let mut known_hosts = KnownHosts::new(&self.services.db); let mut known_hosts = KnownHosts::new(&self.services.db);
self.event_tx self.event_tx
.send(ClientHandlerEvent::HostKeyReceived( .send(ClientHandlerEvent::HostKeyReceived(
@ -62,7 +62,7 @@ impl russh::client::Handler for ClientHandler {
) )
.await .await
{ {
Ok(KnownHostValidationResult::Valid) => Ok((self, true)), Ok(KnownHostValidationResult::Valid) => Ok(true),
Ok(KnownHostValidationResult::Invalid { Ok(KnownHostValidationResult::Invalid {
key_type, key_type,
key_base64, key_base64,
@ -99,9 +99,9 @@ impl russh::client::Handler for ClientHandler {
{ {
error!(?error, session=%self.session_id, "Failed to save host key"); error!(?error, session=%self.session_id, "Failed to save host key");
} }
Ok((self, true)) Ok(true)
} else { } else {
Ok((self, false)) Ok(false)
} }
} }
Err(error) => { Err(error) => {
@ -112,14 +112,14 @@ impl russh::client::Handler for ClientHandler {
} }
async fn server_channel_open_forwarded_tcpip( async fn server_channel_open_forwarded_tcpip(
self, &mut self,
channel: Channel<Msg>, channel: Channel<Msg>,
connected_address: &str, connected_address: &str,
connected_port: u32, connected_port: u32,
originator_address: &str, originator_address: &str,
originator_port: u32, originator_port: u32,
session: Session, __session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let connected_address = connected_address.to_string(); let connected_address = connected_address.to_string();
let originator_address = originator_address.to_string(); let originator_address = originator_address.to_string();
let _ = self.event_tx.send(ClientHandlerEvent::ForwardedTcpIp( let _ = self.event_tx.send(ClientHandlerEvent::ForwardedTcpIp(
@ -131,23 +131,23 @@ impl russh::client::Handler for ClientHandler {
originator_port, originator_port,
}, },
)); ));
Ok((self, session)) Ok(())
} }
async fn server_channel_open_x11( async fn server_channel_open_x11(
self, &mut self,
channel: Channel<Msg>, channel: Channel<Msg>,
originator_address: &str, originator_address: &str,
originator_port: u32, originator_port: u32,
session: Session, _session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let originator_address = originator_address.to_string(); let originator_address = originator_address.to_string();
let _ = self.event_tx.send(ClientHandlerEvent::X11( let _ = self.event_tx.send(ClientHandlerEvent::X11(
channel, channel,
originator_address, originator_address,
originator_port, originator_port,
)); ));
Ok((self, session)) Ok(())
} }
} }

13
warpgate-protocol-ssh/src/client/mod.rs
View file

@ -563,30 +563,29 @@ impl RemoteClient {
Ok(()) Ok(())
} }
async fn tcpip_forward(&mut self, address: String, port: u32) -> Result<bool, SshClientError> { async fn tcpip_forward(&mut self, address: String, port: u32) -> Result<(), SshClientError> {
if let Some(session) = &self.session { if let Some(session) = &self.session {
let mut session = session.lock().await; let mut session = session.lock().await;
session.tcpip_forward(address, port).await?;
Ok(session.tcpip_forward(address, port).await?)
} else { } else {
self.pending_forwards.push((address, port)); self.pending_forwards.push((address, port));
Ok(true)
} }
Ok(())
} }
async fn cancel_tcpip_forward( async fn cancel_tcpip_forward(
&mut self, &mut self,
address: String, address: String,
port: u32, port: u32,
) -> Result<bool, SshClientError> { ) -> Result<(), SshClientError> {
if let Some(session) = &self.session { if let Some(session) = &self.session {
let session = session.lock().await; let session = session.lock().await;
Ok(session.cancel_tcpip_forward(address, port).await?) session.cancel_tcpip_forward(address, port).await?;
} else { } else {
self.pending_forwards self.pending_forwards
.retain(|x| x.0 != address || x.1 != port); .retain(|x| x.0 != address || x.1 != port);
Ok(true)
} }
Ok(())
} }
async fn disconnect(&mut self) { async fn disconnect(&mut self) {

169
warpgate-protocol-ssh/src/server/russh_handler.rs
View file

@ -74,17 +74,17 @@ impl ServerHandler {
impl russh::server::Handler for ServerHandler { impl russh::server::Handler for ServerHandler {
type Error = anyhow::Error; type Error = anyhow::Error;
async fn auth_succeeded(self, session: Session) -> Result<(Self, Session), Self::Error> { async fn auth_succeeded(&mut self, session: &mut Session) -> Result<(), Self::Error> {
let handle = session.handle(); let handle = session.handle();
self.send_event(ServerHandlerEvent::Authenticated(HandleWrapper(handle)))?; self.send_event(ServerHandlerEvent::Authenticated(HandleWrapper(handle)))?;
Ok((self, session)) Ok(())
} }
async fn channel_open_session( async fn channel_open_session(
self, &mut self,
channel: Channel<Msg>, channel: Channel<Msg>,
session: Session, _session: &mut Session,
) -> Result<(Self, bool, Session), Self::Error> { ) -> Result<bool, Self::Error> {
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
self.send_event(ServerHandlerEvent::ChannelOpenSession( self.send_event(ServerHandlerEvent::ChannelOpenSession(
@ -93,15 +93,15 @@ impl russh::server::Handler for ServerHandler {
))?; ))?;
let allowed = rx.await.unwrap_or(false); let allowed = rx.await.unwrap_or(false);
Ok((self, allowed, session)) Ok(allowed)
} }
async fn subsystem_request( async fn subsystem_request(
self, &mut self,
channel: ChannelId, channel: ChannelId,
name: &str, name: &str,
mut session: Session, session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let name = name.to_string(); let name = name.to_string();
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
@ -117,11 +117,11 @@ impl russh::server::Handler for ServerHandler {
session.channel_failure(channel) session.channel_failure(channel)
} }
Ok((self, session)) Ok(())
} }
async fn pty_request( async fn pty_request(
self, &mut self,
channel: ChannelId, channel: ChannelId,
term: &str, term: &str,
col_width: u32, col_width: u32,
@ -129,8 +129,8 @@ impl russh::server::Handler for ServerHandler {
pix_width: u32, pix_width: u32,
pix_height: u32, pix_height: u32,
modes: &[(Pty, u32)], modes: &[(Pty, u32)],
mut session: Session, session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let term = term.to_string(); let term = term.to_string();
let modes = modes let modes = modes
.iter() .iter()
@ -155,14 +155,14 @@ impl russh::server::Handler for ServerHandler {
let _ = rx.await; let _ = rx.await;
session.channel_success(channel); session.channel_success(channel);
Ok((self, session)) Ok(())
} }
async fn shell_request( async fn shell_request(
self, &mut self,
channel: ChannelId, channel: ChannelId,
mut session: Session, session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
self.send_event(ServerHandlerEvent::ShellRequest( self.send_event(ServerHandlerEvent::ShellRequest(
@ -176,14 +176,14 @@ impl russh::server::Handler for ServerHandler {
session.channel_failure(channel) session.channel_failure(channel)
} }
Ok((self, session)) Ok(())
} }
async fn auth_publickey_offered( async fn auth_publickey_offered(
self, &mut self,
user: &str, user: &str,
key: &russh_keys::key::PublicKey, key: &russh_keys::key::PublicKey,
) -> Result<(Self, Auth), Self::Error> { ) -> Result<Auth, Self::Error> {
let user = Secret::new(user.to_string()); let user = Secret::new(user.to_string());
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
@ -194,33 +194,30 @@ impl russh::server::Handler for ServerHandler {
))?; ))?;
let result = rx.await.unwrap_or(false); let result = rx.await.unwrap_or(false);
Ok(( Ok(if result {
self, Auth::Accept
if result { } else {
Auth::Accept Auth::Reject {
} else { proceed_with_methods: None,
Auth::Reject { }
proceed_with_methods: None, })
}
},
))
} }
async fn auth_publickey( async fn auth_publickey(
self, &mut self,
user: &str, user: &str,
key: &russh_keys::key::PublicKey, key: &russh_keys::key::PublicKey,
) -> Result<(Self, Auth), Self::Error> { ) -> Result<Auth, Self::Error> {
let user = Secret::new(user.to_string()); let user = Secret::new(user.to_string());
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
self.send_event(ServerHandlerEvent::AuthPublicKey(user, key.clone(), tx))?; self.send_event(ServerHandlerEvent::AuthPublicKey(user, key.clone(), tx))?;
let result = rx.await.unwrap_or(Auth::UnsupportedMethod); let result = rx.await.unwrap_or(Auth::UnsupportedMethod);
Ok((self, result)) Ok(result)
} }
async fn auth_password(self, user: &str, password: &str) -> Result<(Self, Auth), Self::Error> { async fn auth_password(&mut self, user: &str, password: &str) -> Result<Auth, Self::Error> {
let user = Secret::new(user.to_string()); let user = Secret::new(user.to_string());
let password = Secret::new(password.to_string()); let password = Secret::new(password.to_string());
@ -229,15 +226,15 @@ impl russh::server::Handler for ServerHandler {
self.send_event(ServerHandlerEvent::AuthPassword(user, password, tx))?; self.send_event(ServerHandlerEvent::AuthPassword(user, password, tx))?;
let result = rx.await.unwrap_or(Auth::UnsupportedMethod); let result = rx.await.unwrap_or(Auth::UnsupportedMethod);
Ok((self, result)) Ok(result)
} }
async fn auth_keyboard_interactive( async fn auth_keyboard_interactive(
self, &mut self,
user: &str, user: &str,
_submethods: &str, _submethods: &str,
response: Option<russh::server::Response<'async_trait>>, response: Option<russh::server::Response<'async_trait>>,
) -> Result<(Self, Auth), Self::Error> { ) -> Result<Auth, Self::Error> {
let user = Secret::new(user.to_string()); let user = Secret::new(user.to_string());
let response = response let response = response
.and_then(|mut r| r.next()) .and_then(|mut r| r.next())
@ -251,15 +248,15 @@ impl russh::server::Handler for ServerHandler {
))?; ))?;
let result = rx.await.unwrap_or(Auth::UnsupportedMethod); let result = rx.await.unwrap_or(Auth::UnsupportedMethod);
Ok((self, result)) Ok(result)
} }
async fn data( async fn data(
self, &mut self,
channel: ChannelId, channel: ChannelId,
data: &[u8], data: &[u8],
session: Session, _session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let channel = ServerChannelId(channel); let channel = ServerChannelId(channel);
let data = Bytes::from(data.to_vec()); let data = Bytes::from(data.to_vec());
@ -268,46 +265,46 @@ impl russh::server::Handler for ServerHandler {
self.send_event(ServerHandlerEvent::Data(channel, data, tx))?; self.send_event(ServerHandlerEvent::Data(channel, data, tx))?;
let _ = rx.await; let _ = rx.await;
Ok((self, session)) Ok(())
} }
async fn extended_data( async fn extended_data(
self, &mut self,
channel: ChannelId, channel: ChannelId,
code: u32, code: u32,
data: &[u8], data: &[u8],
session: Session, _session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let channel = ServerChannelId(channel); let channel = ServerChannelId(channel);
let data = Bytes::from(data.to_vec()); let data = Bytes::from(data.to_vec());
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
self.send_event(ServerHandlerEvent::ExtendedData(channel, data, code, tx))?; self.send_event(ServerHandlerEvent::ExtendedData(channel, data, code, tx))?;
let _ = rx.await; let _ = rx.await;
Ok((self, session)) Ok(())
} }
async fn channel_close( async fn channel_close(
self, &mut self,
channel: ChannelId, channel: ChannelId,
session: Session, _session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let channel = ServerChannelId(channel); let channel = ServerChannelId(channel);
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
self.send_event(ServerHandlerEvent::ChannelClose(channel, tx))?; self.send_event(ServerHandlerEvent::ChannelClose(channel, tx))?;
let _ = rx.await; let _ = rx.await;
Ok((self, session)) Ok(())
} }
async fn window_change_request( async fn window_change_request(
self, &mut self,
channel: ChannelId, channel: ChannelId,
col_width: u32, col_width: u32,
row_height: u32, row_height: u32,
pix_width: u32, pix_width: u32,
pix_height: u32, pix_height: u32,
session: Session, _session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
self.send_event(ServerHandlerEvent::WindowChangeRequest( self.send_event(ServerHandlerEvent::WindowChangeRequest(
ServerChannelId(channel), ServerChannelId(channel),
@ -322,14 +319,14 @@ impl russh::server::Handler for ServerHandler {
tx, tx,
))?; ))?;
let _ = rx.await; let _ = rx.await;
Ok((self, session)) Ok(())
} }
async fn channel_eof( async fn channel_eof(
self, &mut self,
channel: ChannelId, channel: ChannelId,
session: Session, _session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let channel = ServerChannelId(channel); let channel = ServerChannelId(channel);
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
@ -338,15 +335,15 @@ impl russh::server::Handler for ServerHandler {
.map_err(|_| ServerHandlerError::ChannelSend)?; .map_err(|_| ServerHandlerError::ChannelSend)?;
let _ = rx.await; let _ = rx.await;
Ok((self, session)) Ok(())
} }
async fn signal( async fn signal(
self, &mut self,
channel: ChannelId, channel: ChannelId,
signal_name: russh::Sig, signal_name: russh::Sig,
session: Session, _session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
self.send_event(ServerHandlerEvent::Signal( self.send_event(ServerHandlerEvent::Signal(
ServerChannelId(channel), ServerChannelId(channel),
@ -354,15 +351,15 @@ impl russh::server::Handler for ServerHandler {
tx, tx,
))?; ))?;
let _ = rx.await; let _ = rx.await;
Ok((self, session)) Ok(())
} }
async fn exec_request( async fn exec_request(
self, &mut self,
channel: ChannelId, channel: ChannelId,
data: &[u8], data: &[u8],
mut session: Session, session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let data = Bytes::from(data.to_vec()); let data = Bytes::from(data.to_vec());
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
self.send_event(ServerHandlerEvent::ExecRequest( self.send_event(ServerHandlerEvent::ExecRequest(
@ -377,16 +374,16 @@ impl russh::server::Handler for ServerHandler {
session.channel_failure(channel) session.channel_failure(channel)
} }
Ok((self, session)) Ok(())
} }
async fn env_request( async fn env_request(
self, &mut self,
channel: ChannelId, channel: ChannelId,
variable_name: &str, variable_name: &str,
variable_value: &str, variable_value: &str,
session: Session, _session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let variable_name = variable_name.to_string(); let variable_name = variable_name.to_string();
let variable_value = variable_value.to_string(); let variable_value = variable_value.to_string();
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
@ -397,18 +394,18 @@ impl russh::server::Handler for ServerHandler {
tx, tx,
))?; ))?;
let _ = rx.await; let _ = rx.await;
Ok((self, session)) Ok(())
} }
async fn channel_open_direct_tcpip( async fn channel_open_direct_tcpip(
self, &mut self,
channel: Channel<Msg>, channel: Channel<Msg>,
host_to_connect: &str, host_to_connect: &str,
port_to_connect: u32, port_to_connect: u32,
originator_address: &str, originator_address: &str,
originator_port: u32, originator_port: u32,
session: Session, _session: &mut Session,
) -> Result<(Self, bool, Session), Self::Error> { ) -> Result<bool, Self::Error> {
let host_to_connect = host_to_connect.to_string(); let host_to_connect = host_to_connect.to_string();
let originator_address = originator_address.to_string(); let originator_address = originator_address.to_string();
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
@ -423,18 +420,18 @@ impl russh::server::Handler for ServerHandler {
tx, tx,
))?; ))?;
let allowed = rx.await.unwrap_or(false); let allowed = rx.await.unwrap_or(false);
Ok((self, allowed, session)) Ok(allowed)
} }
async fn x11_request( async fn x11_request(
self, &mut self,
channel: ChannelId, channel: ChannelId,
single_conection: bool, single_conection: bool,
x11_auth_protocol: &str, x11_auth_protocol: &str,
x11_auth_cookie: &str, x11_auth_cookie: &str,
x11_screen_number: u32, x11_screen_number: u32,
session: Session, _session: &mut Session,
) -> Result<(Self, Session), Self::Error> { ) -> Result<(), Self::Error> {
let x11_auth_protocol = x11_auth_protocol.to_string(); let x11_auth_protocol = x11_auth_protocol.to_string();
let x11_auth_cookie = x11_auth_cookie.to_string(); let x11_auth_cookie = x11_auth_cookie.to_string();
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
@ -449,15 +446,15 @@ impl russh::server::Handler for ServerHandler {
tx, tx,
))?; ))?;
let _ = rx.await; let _ = rx.await;
Ok((self, session)) Ok(())
} }
async fn tcpip_forward( async fn tcpip_forward(
self, &mut self,
address: &str, address: &str,
port: &mut u32, port: &mut u32,
mut session: Session, session: &mut Session,
) -> Result<(Self, bool, Session), Self::Error> { ) -> Result<bool, Self::Error> {
let address = address.to_string(); let address = address.to_string();
let port = *port; let port = *port;
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
@ -468,15 +465,15 @@ impl russh::server::Handler for ServerHandler {
} else { } else {
session.request_failure() session.request_failure()
} }
Ok((self, allowed, session)) Ok(allowed)
} }
async fn cancel_tcpip_forward( async fn cancel_tcpip_forward(
self, &mut self,
address: &str, address: &str,
port: u32, port: u32,
mut session: Session, session: &mut Session,
) -> Result<(Self, bool, Session), Self::Error> { ) -> Result<bool, Self::Error> {
let address = address.to_string(); let address = address.to_string();
let (tx, rx) = oneshot::channel(); let (tx, rx) = oneshot::channel();
self.send_event(ServerHandlerEvent::CancelTcpIpForward(address, port, tx))?; self.send_event(ServerHandlerEvent::CancelTcpIpForward(address, port, tx))?;
@ -486,7 +483,7 @@ impl russh::server::Handler for ServerHandler {
} else { } else {
session.request_failure() session.request_failure()
} }
Ok((self, allowed, session)) Ok(allowed)
} }
} }

2
warpgate-web/Cargo.toml
View file

@ -5,7 +5,7 @@ name = "warpgate-web"
version = "0.9.1" version = "0.9.1"
[dependencies] [dependencies]
rust-embed = "6.3" rust-embed = "8.3"
serde = "1.0" serde = "1.0"
serde_json = "1.0" serde_json = "1.0"
thiserror = "1.0" thiserror = "1.0"