Initial commit.

Author: problame

.gitignore

@@ -0,0 +1 @@
+vendor/

Gopkg.lock

@@ -0,0 +1,10 @@
+ignored = ["github.com/spf13/cobra"]
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/ftrvxmtrx/fd"
+
+[[constraint]]
+  branch = "master"
+  name = "github.com/problame/go-rwccmd"
+

Gopkg.toml

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Christian Schwarz
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

LICENSE

@@ -0,0 +1 @@
+See `example/` and https://godoc.org/github.com/problame/go-netssh

README.md

@@ -0,0 +1,30 @@
+package netssh
+
+import (
+	"context"
+)
+
+type contextKey int
+
+const (
+	contextKeyLog contextKey = iota
+)
+
+type Logger interface {
+	Printf(format string, args ...interface{})
+}
+
+type discardLog struct {}
+func (d discardLog) Printf(format string, args ...interface{}) {}
+
+func contextLog(ctx context.Context) (log Logger) {
+	log, ok := ctx.Value(contextKeyLog).(Logger)
+	if !ok {
+		log = discardLog{}
+	}
+	return log
+}
+
+func ContextWithLog(ctx context.Context, log Logger) context.Context {
+	return context.WithValue(ctx, contextKeyLog, log)
+}

context.go

@@ -0,0 +1,161 @@
+package netssh
+
+import (
+	"net"
+	"fmt"
+	"context"
+	"io"
+	"bytes"
+	"github.com/problame/go-rwccmd"
+)
+
+type Endpoint struct {
+	Host         string
+	User         string
+	Port         uint16
+	IdentityFile string
+	SSHCommand   string
+	Options      []string
+}
+
+func (e Endpoint) CmdArgs() (cmd string, args []string, env []string) {
+
+	if e.SSHCommand != "" {
+		cmd = e.SSHCommand
+	} else {
+		cmd = "ssh"
+	}
+
+	args = make([]string, 0, 2*len(e.Options)+4)
+	args = append(args,
+		"-p", fmt.Sprintf("%d", e.Port),
+		"-q",
+		"-i", e.IdentityFile,
+		"-o", "BatchMode=yes",
+	)
+	for _, option := range e.Options {
+		args = append(args, "-o", option)
+	}
+	args = append(args, fmt.Sprintf("%s@%s", e.User, e.Host))
+
+	env = []string{}
+
+	return
+}
+
+// FIXME: should conform to net.Conn one day, but deadlines as required by net.Conn are complicated:
+// it requires to keep the connection open when the deadline is exceeded, but rwcconn.Cmd does not provide Deadlines
+// for good reason, see their docs for details.
+type SSHConn struct {
+	c *rwccmd.Cmd
+}
+
+const go_network string = "SSH"
+
+type addr struct {
+	pid int
+}
+
+func (a addr) Network() string {
+	return go_network
+}
+
+func (a addr) String() string {
+	return fmt.Sprintf("pid=%d", a.pid)
+}
+
+func (conn *SSHConn) LocalAddr() net.Addr {
+	return addr{conn.c.Pid()}
+}
+
+func (conn *SSHConn) RemoteAddr() net.Addr {
+	return addr{conn.c.Pid()}
+}
+
+func (conn *SSHConn) Read(p []byte) (int, error) {
+	return conn.c.Read(p)
+}
+
+func (conn *SSHConn) Write(p []byte) (int, error) {
+	return conn.c.Write(p)
+}
+
+func (conn *SSHConn) Close() (error) {
+	return conn.c.Close()
+}
+
+// Use at your own risk...
+func (conn *SSHConn) Cmd() *rwccmd.Cmd {
+	return conn.c
+}
+
+const bannerMessageLen = 31
+var messages = make(map[string][]byte)
+func mustMessage(str string) []byte {
+	if len(str) > bannerMessageLen {
+		panic("message length must be smaller than bannerMessageLen")
+	}
+	if _, ok := messages[str]; ok {
+		panic("duplicate message")
+	}
+	var buf bytes.Buffer
+	n, _ := buf.WriteString(str)
+	if n != len(str) {
+		panic("message must only contain ascii / 8-bit chars")
+	}
+	buf.Write(bytes.Repeat([]byte{0}, bannerMessageLen-n))
+	return buf.Bytes()
+}
+var banner_msg = mustMessage("SSHCON_HELO")
+var proxy_error_msg = mustMessage("SSHCON_PROXY_ERROR")
+var begin_msg = mustMessage("SSHCON_BEGIN")
+
+func Dial(ctx context.Context, endpoint Endpoint) (*SSHConn , error) {
+
+	sshCmd, sshArgs, sshEnv := endpoint.CmdArgs()
+	cmd, err := rwccmd.CommandContext(ctx, sshCmd, sshArgs, sshEnv)
+	if err != nil {
+		return nil, err
+	}
+	if err = cmd.Start(); err != nil {
+		return nil, err
+	}
+
+	confErrChan := make(chan error)
+	go func() {
+		var buf bytes.Buffer
+		if _, err := io.CopyN(&buf, cmd, int64(len(banner_msg))); err != nil {
+			confErrChan <- fmt.Errorf("error reading banner: %s", err)
+			return
+		}
+		resp := buf.Bytes()
+		switch {
+		case bytes.Equal(resp, banner_msg):
+			break
+		case bytes.Equal(resp, proxy_error_msg):
+			confErrChan <- fmt.Errorf("proxy error, check remote configuration")
+			return
+		default:
+			confErrChan <- fmt.Errorf("unknown banner message: %v", resp)
+			return
+		}
+		buf.Reset()
+		buf.Write(begin_msg)
+		if _, err := io.Copy(cmd, &buf); err != nil {
+			confErrChan <- fmt.Errorf("error sending begin message: %s", err)
+			return
+		}
+		close(confErrChan)
+	}()
+
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	case err := <-confErrChan:
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return &SSHConn{cmd}, err
+}

dial.go

@@ -0,0 +1,3 @@
+exampleident
+exampleident.pub
+example

example/.gitignore

@@ -0,0 +1,35 @@
+# How to run the example
+
+```
+cd $GOPATH/github.com/problame/go-netssh/example
+go build
+# confirm the following questions with empty passphrase
+ssh-keygen -t ed25519 -f exampleident
+PUBKEY=$(cat exampleident.pub)
+ENTRY="command=\"$(pwd)/example proxy --log /tmp/netssh_proxy.log\",restrict $PUBKEY"
+echo
+echo "Add the following line to your authorized_keys file: "
+echo
+echo $ENTRY
+```
+
+Then, in one terminal, run
+
+```
+./example serve
+```
+
+And in another
+
+```
+touch /tmp/netssh_proxy.log
+tail -f
+```
+
+And in another
+
+```
+./example connect --ssh.user $(id -nu) --ssh.identity exampleident --ssh.host localhost
+```
+
+You should see log activity in all 3 terminals.

example/README.md

@@ -0,0 +1,93 @@
+package cmd
+
+import (
+
+	"github.com/spf13/cobra"
+	"log"
+	"io"
+	"io/ioutil"
+	"time"
+	"context"
+	"os"
+	"github.com/problame/go-netssh"
+	"math"
+	"github.com/problame/go-rwccmd"
+)
+
+var connectArgs struct {
+	killSSHDuration time.Duration
+	waitBeforeRequestDuration time.Duration
+	responseTimeout time.Duration
+	endpoint netssh.Endpoint
+
+}
+
+var connectCmd = &cobra.Command{
+	Use:   "connect",
+	Short: "connect to server over SSH using proxy",
+	Run: func(cmd *cobra.Command, args []string) {
+
+		log := log.New(os.Stdout, "", log.Ltime|log.Lmicroseconds|log.Lshortfile)
+
+		ctx := netssh.ContextWithLog(context.TODO(), log)
+		ctx = rwccmd.ContextWithLog(ctx, log)
+		outstream, err := netssh.Dial(ctx, connectArgs.endpoint)
+		if err != nil {
+			log.Panic(err)
+		}
+		defer func() {
+			log.Printf("closing connection in defer")
+			err := outstream.Close()
+			if err != nil {
+				log.Printf("error closing connection in defer: %s", err)
+			}
+		}()
+
+		if connectArgs.killSSHDuration != 0 {
+			go func(){
+				time.Sleep(connectArgs.killSSHDuration)
+				log.Printf("killing ssh process")
+				if err := outstream.Cmd().Kill(); err != nil {
+					log.Printf("error killing ssh process: %s", err)
+				}
+			}()
+		}
+
+		time.Sleep(connectArgs.waitBeforeRequestDuration)
+
+		var dl time.Time
+		if connectArgs.responseTimeout > 0 {
+			dl = time.Now().Add(connectArgs.responseTimeout)
+		} else {
+			dl = time.Time{}
+		}
+		outstream.Cmd().CloseAtDeadline(dl)
+
+		log.Print("writing request")
+		n, err := outstream.Write([]byte("b\n"))
+		if n != 2 || err != nil {
+			log.Panic(err)
+		}
+		log.Print("read response")
+		_, err = io.CopyN(ioutil.Discard, outstream, int64(Bytecount))
+		if err != nil {
+			log.Panic(err)
+		}
+		log.Print("writing close request")
+		n, err = outstream.Write([]byte("a\n"))
+		if n != 2 || err != nil {
+			log.Panic(err)
+		}
+	},
+}
+
+func init() {
+	RootCmd.AddCommand(connectCmd)
+	connectCmd.Flags().DurationVar(&connectArgs.killSSHDuration, "killSSH",0, "")
+	connectCmd.Flags().DurationVar(&connectArgs.waitBeforeRequestDuration, "wait",0, "")
+	connectCmd.Flags().DurationVar(&connectArgs.responseTimeout, "responseTimeout",math.MaxInt64, "")
+	connectCmd.Flags().StringVar(&connectArgs.endpoint.Host, "ssh.host", "", "")
+	connectCmd.Flags().StringVar(&connectArgs.endpoint.User, "ssh.user", "", "")
+	connectCmd.Flags().StringVar(&connectArgs.endpoint.IdentityFile, "ssh.identity", "", "")
+	connectCmd.Flags().Uint16Var(&connectArgs.endpoint.Port, "ssh.port", 22, "")
+}