While we rearrange/upstream things.
gliderlabs/ssh is forked into tempfork from our prior fork
at be8b7add40
x/crypto/ssh OTOH is forked at
https://github.com/tailscale/golang-x-crypto because it was gnarlier
to vendor with various internal packages, etc.
Its git history shows where it starts (2c7772ba30643b7a2026cbea938420dce7c6384d).
Updates #3802
Change-Id: I546e5cdf831cfc030a6c42557c0ad2c58766c65f
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
package ssh
import (
	"io"
	"io/ioutil"
	"net"
	"os"
	"path"
	"sync"

	gossh "github.com/tailscale/golang-x-crypto/ssh"
)
const (
	// agentRequestType is the OpenSSH session request type for agent
	// forwarding; it is not referenced in this part of the file, so it is
	// presumably matched against incoming requests elsewhere in the package.
	agentRequestType = "auth-agent-req@openssh.com"
	// agentChannelType is the channel type ForwardAgentConnections opens
	// back to the client for each forwarded agent connection.
	agentChannelType = "auth-agent@openssh.com"

	// agentTempDir is the name pattern of the temporary directory that
	// NewAgentListener creates for the forwarding socket, and
	// agentListenFile is the socket's file name inside that directory.
	agentTempDir    = "auth-agent"
	agentListenFile = "listener.sock"
)
// contextKeyAgentRequest is an internal context key for storing if the
// client requested agent forwarding. SetAgentRequested stores true under
// it and AgentRequested reads it back; the key is unexported so the flag
// can only be set through that API.
var contextKeyAgentRequest = &contextKey{"auth-agent-req"}
// SetAgentRequested sets up the session context so that AgentRequested
// returns true.
//
// The flag is stored as a bool under contextKeyAgentRequest; there is no
// way to clear it again once set.
func SetAgentRequested(ctx Context) {
	ctx.SetValue(contextKeyAgentRequest, true)
}
// AgentRequested returns true if the client requested agent forwarding.
//
// It reports whether SetAgentRequested has been called on the session's
// context; a missing value, or one that is not the bool true, counts as
// "not requested".
func AgentRequested(sess Session) bool {
	v := sess.Context().Value(contextKeyAgentRequest)
	requested, ok := v.(bool)
	return ok && requested
}
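// NewAgentListener sets up a temporary Unix socket that can be communicated
// to the session environment and used for forwarding connections.
//
// The socket is created inside a fresh private temporary directory
// (ioutil.TempDir creates it with mode 0700, so only the owning user can
// reach the socket). If the socket cannot be bound the directory is
// removed again before returning the error. On success the caller owns
// the returned listener and the directory that holds it; nothing here
// removes the directory when the listener is closed.
func NewAgentListener() (net.Listener, error) {
	dir, err := ioutil.TempDir("", agentTempDir)
	if err != nil {
		return nil, err
	}
	l, err := net.Listen("unix", path.Join(dir, agentListenFile))
	if err != nil {
		// Don't leave an empty temp directory behind when the bind fails.
		os.RemoveAll(dir)
		return nil, err
	}
	return l, nil
}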
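// ForwardAgentConnections takes connections from a listener to proxy into the
// session on the OpenSSH channel for agent connections. It blocks and services
// connections until the listener stop accepting.
//
// Each accepted connection is bridged to a new agentChannelType channel
// opened on the session's underlying SSH connection (taken from the
// session context under ContextKeyConn, which must be a gossh.Conn); the
// bridge is torn down once data has stopped flowing in both directions.
func ForwardAgentConnections(l net.Listener, s Session) {
	sshConn := s.Context().Value(ContextKeyConn).(gossh.Conn)
	for {
		conn, err := l.Accept()
		if err != nil {
			// Accept fails permanently once the listener is closed; that
			// is the signal to stop servicing.
			return
		}
		go proxyAgentConn(sshConn, conn)
	}
}

// proxyAgentConn bridges one accepted local connection to a freshly opened
// agent channel on sshConn. It takes ownership of conn and closes both
// conn and the channel when both copy directions have finished.
func proxyAgentConn(sshConn gossh.Conn, conn net.Conn) {
	defer conn.Close()
	channel, reqs, err := sshConn.OpenChannel(agentChannelType, nil)
	if err != nil {
		return
	}
	defer channel.Close()
	go gossh.DiscardRequests(reqs)

	var wg sync.WaitGroup
	wg.Add(2)
	go func() {
		defer wg.Done()
		io.Copy(conn, channel)
		// Half-close towards the local client so it sees EOF without
		// waiting for the other direction. Not every net.Conn supports
		// CloseWrite, so check for it instead of asserting *net.UnixConn,
		// which would panic (and take the process down) for any other
		// listener type.
		if cw, ok := conn.(interface{ CloseWrite() error }); ok {
			cw.CloseWrite()
		}
	}()
	go func() {
		defer wg.Done()
		io.Copy(channel, conn)
		channel.CloseWrite()
	}()
	wg.Wait()
}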