Switch built-in SSH server to use github.com/gliderlabs/ssh

Signed-off-by: Kaleb Elwert <[email protected]>

Author: belak

cmd/serv.go

@@ -70,7 +70,7 @@ func parseCmd(cmd string) (string, string) {
 	if len(ss) != 2 {
 		return "", ""
 	}
-	return ss[0], strings.Replace(ss[1], "'/", "'", 1)
+	return ss[0], ss[1]
 }
 
 var (
@@ -138,7 +138,7 @@ func runServ(c *cli.Context) error {
 		}
 	}
 
-	repoPath := strings.ToLower(strings.Trim(args, "'"))
+	repoPath := strings.ToLower(strings.TrimLeft(strings.Trim(args, "'"), "/"))
 	rr := strings.SplitN(repoPath, "/", 2)
 	if len(rr) != 2 {
 		fail("Invalid repository path", "Invalid repository path: %v", args)

integrations/mysql.ini.tmpl

@@ -34,6 +34,7 @@ LFS_CONTENT_PATH = data/lfs-mysql
 OFFLINE_MODE     = false
 LFS_JWT_SECRET   = Tv_MjmZuHqpIY6GFl12ebgkRAMt4RlWt0v4EHKSXO0w
 APP_DATA_PATH    = integrations/gitea-integration-mysql/data
+BUILTIN_SSH_SERVER_USER = git
 
 [mailer]
 ENABLED = false

integrations/pgsql.ini.tmpl

@@ -34,6 +34,7 @@ LFS_CONTENT_PATH = data/lfs-pgsql
 OFFLINE_MODE     = false
 LFS_JWT_SECRET   = Tv_MjmZuHqpIY6GFl12ebgkRAMt4RlWt0v4EHKSXO0w
 APP_DATA_PATH    = integrations/gitea-integration-pgsql/data
+BUILTIN_SSH_SERVER_USER = git
 
 [mailer]
 ENABLED = false

integrations/repo_test.go

@@ -73,7 +73,7 @@ func TestViewRepo1CloneLinkAuthorized(t *testing.T) {
 	assert.Equal(t, setting.AppURL+"user2/repo1.git", link)
 	link, exists = htmlDoc.doc.Find("#repo-clone-ssh").Attr("data-link")
 	assert.True(t, exists, "The template has changed")
-	sshURL := fmt.Sprintf("ssh://%s@%s:%d/user2/repo1.git", setting.RunUser, setting.SSH.Domain, setting.SSH.Port)
+	sshURL := fmt.Sprintf("ssh://%s@%s:%d/user2/repo1.git", setting.SSH.BuiltinServerUser, setting.SSH.Domain, setting.SSH.Port)
 	assert.Equal(t, sshURL, link)
 }
 

integrations/sqlite.ini

@@ -30,6 +30,7 @@ LFS_CONTENT_PATH = data/lfs-sqlite
 OFFLINE_MODE     = false
 LFS_JWT_SECRET   = Tv_MjmZuHqpIY6GFl12ebgkRAMt4RlWt0v4EHKSXO0w
 APP_DATA_PATH    = integrations/gitea-integration-sqlite/data
+BUILTIN_SSH_SERVER_USER = git
 
 [mailer]
 ENABLED = false

modules/ssh/ssh.go

@@ -1,170 +1,174 @@
-// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
 package ssh
 
 import (
 	"io"
-	"io/ioutil"
-	"net"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"strings"
-
-	"github.com/Unknwon/com"
-	"golang.org/x/crypto/ssh"
+	"sync"
+	"syscall"
+	"unicode"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/Unknwon/com"
+	"github.com/gliderlabs/ssh"
+	gossh "golang.org/x/crypto/ssh"
 )
 
-func cleanCommand(cmd string) string {
-	i := strings.Index(cmd, "git")
-	if i == -1 {
-		return cmd
+type contextKey string
+
+const giteaKeyID = contextKey("gitea-key-id")
+
+func getExitStatusFromError(err error) int {
+	if err == nil {
+		return 0
 	}
-	return cmd[i:]
-}
 
-func handleServerConn(keyID string, chans <-chan ssh.NewChannel) {
-	for newChan := range chans {
-		if newChan.ChannelType() != "session" {
-			newChan.Reject(ssh.UnknownChannelType, "unknown channel type")
-			continue
-		}
+	exitErr, ok := err.(*exec.ExitError)
+	if !ok {
+		return 1
+	}
 
-		ch, reqs, err := newChan.Accept()
-		if err != nil {
-			log.Error(3, "Error accepting channel: %v", err)
-			continue
+	waitStatus, ok := exitErr.Sys().(syscall.WaitStatus)
+	if !ok {
+		// This is a fallback and should at least let us return something useful
+		// when running on Windows, even if it isn't completely accurate.
+		if exitErr.Success() {
+			return 0
 		}
 
-		go func(in <-chan *ssh.Request) {
-			defer ch.Close()
-			for req := range in {
-				payload := cleanCommand(string(req.Payload))
-				switch req.Type {
-				case "env":
-					args := strings.Split(strings.Replace(payload, "\x00", "", -1), "\v")
-					if len(args) != 2 {
-						log.Warn("SSH: Invalid env arguments: '%#v'", args)
-						continue
-					}
-					args[0] = strings.TrimLeft(args[0], "\x04")
-					_, _, err := com.ExecCmdBytes("env", args[0]+"="+args[1])
-					if err != nil {
-						log.Error(3, "env: %v", err)
-						return
-					}
-				case "exec":
-					cmdName := strings.TrimLeft(payload, "'()")
-					log.Trace("SSH: Payload: %v", cmdName)
-
-					args := []string{"serv", "key-" + keyID, "--config=" + setting.CustomConf}
-					log.Trace("SSH: Arguments: %v", args)
-					cmd := exec.Command(setting.AppPath, args...)
-					cmd.Env = append(
-						os.Environ(),
-						"SSH_ORIGINAL_COMMAND="+cmdName,
-						"SKIP_MINWINSVC=1",
-					)
-
-					stdout, err := cmd.StdoutPipe()
-					if err != nil {
-						log.Error(3, "SSH: StdoutPipe: %v", err)
-						return
-					}
-					stderr, err := cmd.StderrPipe()
-					if err != nil {
-						log.Error(3, "SSH: StderrPipe: %v", err)
-						return
-					}
-					input, err := cmd.StdinPipe()
-					if err != nil {
-						log.Error(3, "SSH: StdinPipe: %v", err)
-						return
-					}
-
-					// FIXME: check timeout
-					if err = cmd.Start(); err != nil {
-						log.Error(3, "SSH: Start: %v", err)
-						return
-					}
-
-					req.Reply(true, nil)
-					go io.Copy(input, ch)
-					io.Copy(ch, stdout)
-					io.Copy(ch.Stderr(), stderr)
-
-					if err = cmd.Wait(); err != nil {
-						log.Error(3, "SSH: Wait: %v", err)
-						return
-					}
-
-					ch.SendRequest("exit-status", false, []byte{0, 0, 0, 0})
-					return
-				default:
-				}
-			}
-		}(reqs)
+		return 1
 	}
+
+	return waitStatus.ExitStatus()
 }
 
-func listen(config *ssh.ServerConfig, host string, port int) {
-	listener, err := net.Listen("tcp", host+":"+com.ToStr(port))
+func shellEscape(args []string) string {
+	var data = make([]string, len(args))
+	for k, v := range args {
+		data[k] = v
+
+		// This is a borderline dirty hack. It's designed to only escape
+		// strings which *might* need to be escaped. It uses a very
+		// limited character set so everything that needs to be quoted
+		// will be but we can ignore some simple cases to make it easier
+		// to parse in the ssh hook. We allow alpha-numeric characters
+		// along with ., _, and -
+		idx := strings.IndexFunc(v, func(r rune) bool {
+			return !unicode.IsLetter(r) && !unicode.IsDigit(r) && !strings.ContainsRune(".-_", r)
+		})
+		if idx > -1 || v == "" {
+			data[k] = "'" + strings.Replace(data[k], "'", "'\"'\"'", -1) + "'"
+		}
+	}
+	return strings.Join(data, " ")
+}
+
+func sessionHandler(session ssh.Session) {
+	keyID := session.Context().Value(giteaKeyID).(int64)
+
+	command := shellEscape(session.Command())
+
+	log.Trace("SSH: Payload: %v", command)
+
+	args := []string{"serv", "key-" + com.ToStr(keyID), "--config=" + setting.CustomConf}
+	log.Trace("SSH: Arguments: %v", args)
+	cmd := exec.Command(setting.AppPath, args...)
+	cmd.Env = append(
+		os.Environ(),
+		"SSH_ORIGINAL_COMMAND="+command,
+		"SKIP_MINWINSVC=1",
+	)
+
+	stdout, err := cmd.StdoutPipe()
 	if err != nil {
-		log.Fatal(4, "Failed to start SSH server: %v", err)
+		log.Error(3, "SSH: StdoutPipe: %v", err)
+		return
+	}
+	stderr, err := cmd.StderrPipe()
+	if err != nil {
+		log.Error(3, "SSH: StderrPipe: %v", err)
+		return
+	}
+	stdin, err := cmd.StdinPipe()
+	if err != nil {
+		log.Error(3, "SSH: StdinPipe: %v", err)
+		return
 	}
-	for {
-		// Once a ServerConfig has been configured, connections can be accepted.
-		conn, err := listener.Accept()
-		if err != nil {
-			log.Error(3, "SSH: Error accepting incoming connection: %v", err)
-			continue
-		}
 
-		// Before use, a handshake must be performed on the incoming net.Conn.
-		// It must be handled in a separate goroutine,
-		// otherwise one user could easily block entire loop.
-		// For example, user could be asked to trust server key fingerprint and hangs.
-		go func() {
-			log.Trace("SSH: Handshaking for %s", conn.RemoteAddr())
-			sConn, chans, reqs, err := ssh.NewServerConn(conn, config)
-			if err != nil {
-				if err == io.EOF {
-					log.Warn("SSH: Handshaking was terminated: %v", err)
-				} else {
-					log.Error(3, "SSH: Error on handshaking: %v", err)
-				}
-				return
-			}
-
-			log.Trace("SSH: Connection from %s (%s)", sConn.RemoteAddr(), sConn.ClientVersion())
-			// The incoming Request channel must be serviced.
-			go ssh.DiscardRequests(reqs)
-			go handleServerConn(sConn.Permissions.Extensions["key-id"], chans)
-		}()
+	wg := &sync.WaitGroup{}
+	wg.Add(2)
+
+	if err = cmd.Start(); err != nil {
+		log.Error(3, "SSH: Start: %v", err)
+		return
+	}
+
+	go func() {
+		defer stdin.Close()
+		io.Copy(stdin, session)
+	}()
+
+	go func() {
+		defer wg.Done()
+		io.Copy(session, stdout)
+	}()
+
+	go func() {
+		defer wg.Done()
+		io.Copy(session.Stderr(), stderr)
+	}()
+
+	// Ensure all the output has been written before we wait on the command
+	// to exit.
+	wg.Wait()
+
+	// Wait for the command to exit and log any errors we get
+	err = cmd.Wait()
+	if err != nil {
+		log.Error(3, "SSH: Wait: %v", err)
+	}
+
+	session.Exit(getExitStatusFromError(err))
+}
+
+func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
+	if ctx.User() != setting.SSH.BuiltinServerUser {
+		return false
 	}
+
+	pkey, err := models.SearchPublicKeyByContent(strings.TrimSpace(string(gossh.MarshalAuthorizedKey(key))))
+	if err != nil {
+		log.Error(3, "SearchPublicKeyByContent: %v", err)
+		return false
+	}
+
+	ctx.SetValue(giteaKeyID, pkey.ID)
+
+	return true
 }
 
 // Listen starts a SSH server listens on given port.
 func Listen(host string, port int, ciphers []string, keyExchanges []string, macs []string) {
-	config := &ssh.ServerConfig{
-		Config: ssh.Config{
-			Ciphers:      ciphers,
-			KeyExchanges: keyExchanges,
-			MACs:         macs,
-		},
-		PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
-			pkey, err := models.SearchPublicKeyByContent(strings.TrimSpace(string(ssh.MarshalAuthorizedKey(key))))
-			if err != nil {
-				log.Error(3, "SearchPublicKeyByContent: %v", err)
-				return nil, err
-			}
-			return &ssh.Permissions{Extensions: map[string]string{"key-id": com.ToStr(pkey.ID)}}, nil
+	// TODO: Handle ciphers, keyExchanges, and macs
+
+	srv := ssh.Server{
+		Addr:             host + ":" + com.ToStr(port),
+		PublicKeyHandler: publicKeyHandler,
+		Handler:          sessionHandler,
+
+		// We need to explicitly disable the PtyCallback so text displays
+		// properly.
+		PtyCallback: func(ctx ssh.Context, pty ssh.Pty) bool {
+			return false
 		},
 	}
 
@@ -180,18 +184,10 @@ func Listen(host string, port int, ciphers []string, keyExchanges []string, macs
 		if err != nil {
 			log.Fatal(4, "Failed to generate private key: %v - %s", err, stderr)
 		}
-		log.Trace("SSH: New private key is generateed: %s", keyPath)
+		log.Trace("SSH: New private key is generated: %s", keyPath)
 	}
 
-	privateBytes, err := ioutil.ReadFile(keyPath)
-	if err != nil {
-		log.Fatal(4, "SSH: Failed to load private key")
-	}
-	private, err := ssh.ParsePrivateKey(privateBytes)
-	if err != nil {
-		log.Fatal(4, "SSH: Failed to parse private key")
-	}
-	config.AddHostKey(private)
+	srv.SetOption(ssh.HostKeyFile(keyPath))
 
-	go listen(config, host, port)
+	go srv.ListenAndServe()
 }