| package ssh |
| |
| import ( |
| "bufio" |
| "bytes" |
| "context" |
| "errors" |
| "fmt" |
| "io" |
| "io/ioutil" |
| "log" |
| "math/rand" |
| "net" |
| "os" |
| "path/filepath" |
| "strconv" |
| "strings" |
| "sync" |
| "time" |
| |
| "github.com/apparentlymart/go-shquot/shquot" |
| "github.com/hashicorp/terraform/internal/communicator/remote" |
| "github.com/hashicorp/terraform/internal/provisioners" |
| "github.com/zclconf/go-cty/cty" |
| "golang.org/x/crypto/ssh" |
| "golang.org/x/crypto/ssh/agent" |
| |
| _ "github.com/hashicorp/terraform/internal/logging" |
| ) |
| |
| const ( |
| // DefaultShebang is added at the top of a SSH script file |
| DefaultShebang = "#!/bin/sh\n" |
| ) |
| |
| var ( |
| // randShared is a global random generator object that is shared. This must be |
| // shared since it is seeded by the current time and creating multiple can |
| // result in the same values. By using a shared RNG we assure different numbers |
| // per call. |
| randLock sync.Mutex |
| randShared *rand.Rand |
| |
| // enable ssh keeplive probes by default |
| keepAliveInterval = 2 * time.Second |
| |
| // max time to wait for for a KeepAlive response before considering the |
| // connection to be dead. |
| maxKeepAliveDelay = 120 * time.Second |
| ) |
| |
| // Communicator represents the SSH communicator |
| type Communicator struct { |
| connInfo *connectionInfo |
| client *ssh.Client |
| config *sshConfig |
| conn net.Conn |
| cancelKeepAlive context.CancelFunc |
| |
| lock sync.Mutex |
| } |
| |
| type sshConfig struct { |
| // The configuration of the Go SSH connection |
| config *ssh.ClientConfig |
| |
| // connection returns a new connection. The current connection |
| // in use will be closed as part of the Close method, or in the |
| // case an error occurs. |
| connection func() (net.Conn, error) |
| |
| // noPty, if true, will not request a pty from the remote end. |
| noPty bool |
| |
| // sshAgent is a struct surrounding the agent.Agent client and the net.Conn |
| // to the SSH Agent. It is nil if no SSH agent is configured |
| sshAgent *sshAgent |
| } |
| |
| type fatalError struct { |
| error |
| } |
| |
| func (e fatalError) FatalError() error { |
| return e.error |
| } |
| |
| // New creates a new communicator implementation over SSH. |
| func New(v cty.Value) (*Communicator, error) { |
| connInfo, err := parseConnectionInfo(v) |
| if err != nil { |
| return nil, err |
| } |
| |
| config, err := prepareSSHConfig(connInfo) |
| if err != nil { |
| return nil, err |
| } |
| |
| // Set up the random number generator once. The seed value is the |
| // time multiplied by the PID. This can overflow the int64 but that |
| // is okay. We multiply by the PID in case we have multiple processes |
| // grabbing this at the same time. This is possible with Terraform and |
| // if we communicate to the same host at the same instance, we could |
| // overwrite the same files. Multiplying by the PID prevents this. |
| randLock.Lock() |
| defer randLock.Unlock() |
| if randShared == nil { |
| randShared = rand.New(rand.NewSource( |
| time.Now().UnixNano() * int64(os.Getpid()))) |
| } |
| |
| comm := &Communicator{ |
| connInfo: connInfo, |
| config: config, |
| } |
| |
| return comm, nil |
| } |
| |
| // Connect implementation of communicator.Communicator interface |
| func (c *Communicator) Connect(o provisioners.UIOutput) (err error) { |
| // Grab a lock so we can modify our internal attributes |
| c.lock.Lock() |
| defer c.lock.Unlock() |
| |
| if c.conn != nil { |
| c.conn.Close() |
| } |
| |
| // Set the conn and client to nil since we'll recreate it |
| c.conn = nil |
| c.client = nil |
| |
| if o != nil { |
| o.Output(fmt.Sprintf( |
| "Connecting to remote host via SSH...\n"+ |
| " Host: %s\n"+ |
| " User: %s\n"+ |
| " Password: %t\n"+ |
| " Private key: %t\n"+ |
| " Certificate: %t\n"+ |
| " SSH Agent: %t\n"+ |
| " Checking Host Key: %t\n"+ |
| " Target Platform: %s\n", |
| c.connInfo.Host, c.connInfo.User, |
| c.connInfo.Password != "", |
| c.connInfo.PrivateKey != "", |
| c.connInfo.Certificate != "", |
| c.connInfo.Agent, |
| c.connInfo.HostKey != "", |
| c.connInfo.TargetPlatform, |
| )) |
| |
| if c.connInfo.BastionHost != "" { |
| o.Output(fmt.Sprintf( |
| "Using configured bastion host...\n"+ |
| " Host: %s\n"+ |
| " User: %s\n"+ |
| " Password: %t\n"+ |
| " Private key: %t\n"+ |
| " Certificate: %t\n"+ |
| " SSH Agent: %t\n"+ |
| " Checking Host Key: %t", |
| c.connInfo.BastionHost, c.connInfo.BastionUser, |
| c.connInfo.BastionPassword != "", |
| c.connInfo.BastionPrivateKey != "", |
| c.connInfo.BastionCertificate != "", |
| c.connInfo.Agent, |
| c.connInfo.BastionHostKey != "", |
| )) |
| } |
| |
| if c.connInfo.ProxyHost != "" { |
| o.Output(fmt.Sprintf( |
| "Using configured proxy host...\n"+ |
| " ProxyHost: %s\n"+ |
| " ProxyPort: %d\n"+ |
| " ProxyUserName: %s\n"+ |
| " ProxyUserPassword: %t", |
| c.connInfo.ProxyHost, |
| c.connInfo.ProxyPort, |
| c.connInfo.ProxyUserName, |
| c.connInfo.ProxyUserPassword != "", |
| )) |
| } |
| } |
| |
| hostAndPort := fmt.Sprintf("%s:%d", c.connInfo.Host, c.connInfo.Port) |
| log.Printf("[DEBUG] Connecting to %s for SSH", hostAndPort) |
| c.conn, err = c.config.connection() |
| if err != nil { |
| // Explicitly set this to the REAL nil. Connection() can return |
| // a nil implementation of net.Conn which will make the |
| // "if c.conn == nil" check fail above. Read here for more information |
| // on this psychotic language feature: |
| // |
| // http://golang.org/doc/faq#nil_error |
| c.conn = nil |
| |
| log.Printf("[ERROR] connection error: %s", err) |
| return err |
| } |
| |
| log.Printf("[DEBUG] Connection established. Handshaking for user %v", c.connInfo.User) |
| sshConn, sshChan, req, err := ssh.NewClientConn(c.conn, hostAndPort, c.config.config) |
| if err != nil { |
| err = fmt.Errorf("SSH authentication failed (%s@%s): %w", c.connInfo.User, hostAndPort, err) |
| |
| // While in theory this should be a fatal error, some hosts may start |
| // the ssh service before it is properly configured, or before user |
| // authentication data is available. |
| // Log the error, and allow the provisioner to retry. |
| log.Printf("[WARN] %s", err) |
| return err |
| } |
| |
| c.client = ssh.NewClient(sshConn, sshChan, req) |
| |
| if c.config.sshAgent != nil { |
| log.Printf("[DEBUG] Telling SSH config to forward to agent") |
| if err := c.config.sshAgent.ForwardToAgent(c.client); err != nil { |
| return fatalError{err} |
| } |
| |
| log.Printf("[DEBUG] Setting up a session to request agent forwarding") |
| session, err := c.client.NewSession() |
| if err != nil { |
| return err |
| } |
| defer session.Close() |
| |
| err = agent.RequestAgentForwarding(session) |
| |
| if err == nil { |
| log.Printf("[INFO] agent forwarding enabled") |
| } else { |
| log.Printf("[WARN] error forwarding agent: %s", err) |
| } |
| } |
| |
| if err != nil { |
| return err |
| } |
| |
| if o != nil { |
| o.Output("Connected!") |
| } |
| |
| ctx, cancelKeepAlive := context.WithCancel(context.TODO()) |
| c.cancelKeepAlive = cancelKeepAlive |
| |
| // Start a keepalive goroutine to help maintain the connection for |
| // long-running commands. |
| log.Printf("[DEBUG] starting ssh KeepAlives") |
| |
| // We want a local copy of the ssh client pointer, so that a reconnect |
| // doesn't race with the running keep-alive loop. |
| sshClient := c.client |
| go func() { |
| defer cancelKeepAlive() |
| // Along with the KeepAlives generating packets to keep the tcp |
| // connection open, we will use the replies to verify liveness of the |
| // connection. This will prevent dead connections from blocking the |
| // provisioner indefinitely. |
| respCh := make(chan error, 1) |
| |
| go func() { |
| t := time.NewTicker(keepAliveInterval) |
| defer t.Stop() |
| for { |
| select { |
| case <-t.C: |
| _, _, err := sshClient.SendRequest("keepalive@terraform.io", true, nil) |
| respCh <- err |
| case <-ctx.Done(): |
| return |
| } |
| } |
| }() |
| |
| after := time.NewTimer(maxKeepAliveDelay) |
| defer after.Stop() |
| |
| for { |
| select { |
| case err := <-respCh: |
| if err != nil { |
| log.Printf("[ERROR] ssh keepalive: %s", err) |
| sshConn.Close() |
| return |
| } |
| case <-after.C: |
| // abort after too many missed keepalives |
| log.Println("[ERROR] no reply from ssh server") |
| sshConn.Close() |
| return |
| case <-ctx.Done(): |
| return |
| } |
| if !after.Stop() { |
| <-after.C |
| } |
| after.Reset(maxKeepAliveDelay) |
| } |
| }() |
| |
| return nil |
| } |
| |
| // Disconnect implementation of communicator.Communicator interface |
| func (c *Communicator) Disconnect() error { |
| c.lock.Lock() |
| defer c.lock.Unlock() |
| |
| if c.cancelKeepAlive != nil { |
| c.cancelKeepAlive() |
| } |
| |
| if c.config.sshAgent != nil { |
| if err := c.config.sshAgent.Close(); err != nil { |
| return err |
| } |
| } |
| |
| if c.conn != nil { |
| conn := c.conn |
| c.conn = nil |
| return conn.Close() |
| } |
| |
| return nil |
| } |
| |
| // Timeout implementation of communicator.Communicator interface |
| func (c *Communicator) Timeout() time.Duration { |
| return c.connInfo.TimeoutVal |
| } |
| |
| // ScriptPath implementation of communicator.Communicator interface |
| func (c *Communicator) ScriptPath() string { |
| randLock.Lock() |
| defer randLock.Unlock() |
| |
| return strings.Replace( |
| c.connInfo.ScriptPath, "%RAND%", |
| strconv.FormatInt(int64(randShared.Int31()), 10), -1) |
| } |
| |
| // Start implementation of communicator.Communicator interface |
| func (c *Communicator) Start(cmd *remote.Cmd) error { |
| cmd.Init() |
| |
| session, err := c.newSession() |
| if err != nil { |
| return err |
| } |
| |
| // Set up our session |
| session.Stdin = cmd.Stdin |
| session.Stdout = cmd.Stdout |
| session.Stderr = cmd.Stderr |
| |
| if !c.config.noPty && c.connInfo.TargetPlatform != TargetPlatformWindows { |
| // Request a PTY |
| termModes := ssh.TerminalModes{ |
| ssh.ECHO: 0, // do not echo |
| ssh.TTY_OP_ISPEED: 14400, // input speed = 14.4kbaud |
| ssh.TTY_OP_OSPEED: 14400, // output speed = 14.4kbaud |
| } |
| |
| if err := session.RequestPty("xterm", 80, 40, termModes); err != nil { |
| return err |
| } |
| } |
| |
| log.Printf("[DEBUG] starting remote command: %s", cmd.Command) |
| err = session.Start(strings.TrimSpace(cmd.Command) + "\n") |
| if err != nil { |
| return err |
| } |
| |
| // Start a goroutine to wait for the session to end and set the |
| // exit boolean and status. |
| go func() { |
| defer session.Close() |
| |
| err := session.Wait() |
| exitStatus := 0 |
| if err != nil { |
| exitErr, ok := err.(*ssh.ExitError) |
| if ok { |
| exitStatus = exitErr.ExitStatus() |
| } |
| } |
| |
| cmd.SetExitStatus(exitStatus, err) |
| log.Printf("[DEBUG] remote command exited with '%d': %s", exitStatus, cmd.Command) |
| }() |
| |
| return nil |
| } |
| |
| // Upload implementation of communicator.Communicator interface |
| func (c *Communicator) Upload(path string, input io.Reader) error { |
| // The target directory and file for talking the SCP protocol |
| targetDir := filepath.Dir(path) |
| targetFile := filepath.Base(path) |
| |
| // On windows, filepath.Dir uses backslash separators (ie. "\tmp"). |
| // This does not work when the target host is unix. Switch to forward slash |
| // which works for unix and windows |
| targetDir = filepath.ToSlash(targetDir) |
| |
| // Skip copying if we can get the file size directly from common io.Readers |
| size := int64(0) |
| |
| switch src := input.(type) { |
| case *os.File: |
| fi, err := src.Stat() |
| if err == nil { |
| size = fi.Size() |
| } |
| case *bytes.Buffer: |
| size = int64(src.Len()) |
| case *bytes.Reader: |
| size = int64(src.Len()) |
| case *strings.Reader: |
| size = int64(src.Len()) |
| } |
| |
| scpFunc := func(w io.Writer, stdoutR *bufio.Reader) error { |
| return scpUploadFile(targetFile, input, w, stdoutR, size) |
| } |
| |
| cmd, err := quoteShell([]string{"scp", "-vt", targetDir}, c.connInfo.TargetPlatform) |
| if err != nil { |
| return err |
| } |
| return c.scpSession(cmd, scpFunc) |
| } |
| |
| // UploadScript implementation of communicator.Communicator interface |
| func (c *Communicator) UploadScript(path string, input io.Reader) error { |
| reader := bufio.NewReader(input) |
| prefix, err := reader.Peek(2) |
| if err != nil { |
| return fmt.Errorf("Error reading script: %s", err) |
| } |
| var script bytes.Buffer |
| |
| if string(prefix) != "#!" && c.connInfo.TargetPlatform != TargetPlatformWindows { |
| script.WriteString(DefaultShebang) |
| } |
| script.ReadFrom(reader) |
| |
| if err := c.Upload(path, &script); err != nil { |
| return err |
| } |
| if c.connInfo.TargetPlatform != TargetPlatformWindows { |
| var stdout, stderr bytes.Buffer |
| cmd := &remote.Cmd{ |
| Command: fmt.Sprintf("chmod 0777 %s", path), |
| Stdout: &stdout, |
| Stderr: &stderr, |
| } |
| if err := c.Start(cmd); err != nil { |
| return fmt.Errorf( |
| "Error chmodding script file to 0777 in remote "+ |
| "machine: %s", err) |
| } |
| |
| if err := cmd.Wait(); err != nil { |
| return fmt.Errorf( |
| "Error chmodding script file to 0777 in remote "+ |
| "machine %v: %s %s", err, stdout.String(), stderr.String()) |
| } |
| } |
| return nil |
| } |
| |
| // UploadDir implementation of communicator.Communicator interface |
| func (c *Communicator) UploadDir(dst string, src string) error { |
| log.Printf("[DEBUG] Uploading dir '%s' to '%s'", src, dst) |
| scpFunc := func(w io.Writer, r *bufio.Reader) error { |
| uploadEntries := func() error { |
| f, err := os.Open(src) |
| if err != nil { |
| return err |
| } |
| defer f.Close() |
| |
| entries, err := f.Readdir(-1) |
| if err != nil { |
| return err |
| } |
| |
| return scpUploadDir(src, entries, w, r) |
| } |
| |
| if src[len(src)-1] != '/' { |
| log.Printf("[DEBUG] No trailing slash, creating the source directory name") |
| return scpUploadDirProtocol(filepath.Base(src), w, r, uploadEntries) |
| } |
| // Trailing slash, so only upload the contents |
| return uploadEntries() |
| } |
| |
| cmd, err := quoteShell([]string{"scp", "-rvt", dst}, c.connInfo.TargetPlatform) |
| if err != nil { |
| return err |
| } |
| return c.scpSession(cmd, scpFunc) |
| } |
| |
| func (c *Communicator) newSession() (session *ssh.Session, err error) { |
| log.Println("[DEBUG] opening new ssh session") |
| if c.client == nil { |
| err = errors.New("ssh client is not connected") |
| } else { |
| session, err = c.client.NewSession() |
| } |
| |
| if err != nil { |
| log.Printf("[WARN] ssh session open error: '%s', attempting reconnect", err) |
| if err := c.Connect(nil); err != nil { |
| return nil, err |
| } |
| |
| return c.client.NewSession() |
| } |
| |
| return session, nil |
| } |
| |
| func (c *Communicator) scpSession(scpCommand string, f func(io.Writer, *bufio.Reader) error) error { |
| session, err := c.newSession() |
| if err != nil { |
| return err |
| } |
| defer session.Close() |
| |
| // Get a pipe to stdin so that we can send data down |
| stdinW, err := session.StdinPipe() |
| if err != nil { |
| return err |
| } |
| |
| // We only want to close once, so we nil w after we close it, |
| // and only close in the defer if it hasn't been closed already. |
| defer func() { |
| if stdinW != nil { |
| stdinW.Close() |
| } |
| }() |
| |
| // Get a pipe to stdout so that we can get responses back |
| stdoutPipe, err := session.StdoutPipe() |
| if err != nil { |
| return err |
| } |
| stdoutR := bufio.NewReader(stdoutPipe) |
| |
| // Set stderr to a bytes buffer |
| stderr := new(bytes.Buffer) |
| session.Stderr = stderr |
| |
| // Start the sink mode on the other side |
| // TODO(mitchellh): There are probably issues with shell escaping the path |
| log.Println("[DEBUG] Starting remote scp process: ", scpCommand) |
| if err := session.Start(scpCommand); err != nil { |
| return err |
| } |
| |
| // Call our callback that executes in the context of SCP. We ignore |
| // EOF errors if they occur because it usually means that SCP prematurely |
| // ended on the other side. |
| log.Println("[DEBUG] Started SCP session, beginning transfers...") |
| if err := f(stdinW, stdoutR); err != nil && err != io.EOF { |
| return err |
| } |
| |
| // Close the stdin, which sends an EOF, and then set w to nil so that |
| // our defer func doesn't close it again since that is unsafe with |
| // the Go SSH package. |
| log.Println("[DEBUG] SCP session complete, closing stdin pipe.") |
| stdinW.Close() |
| stdinW = nil |
| |
| // Wait for the SCP connection to close, meaning it has consumed all |
| // our data and has completed. Or has errored. |
| log.Println("[DEBUG] Waiting for SSH session to complete.") |
| err = session.Wait() |
| |
| // log any stderr before exiting on an error |
| scpErr := stderr.String() |
| if len(scpErr) > 0 { |
| log.Printf("[ERROR] scp stderr: %q", stderr) |
| } |
| |
| if err != nil { |
| if exitErr, ok := err.(*ssh.ExitError); ok { |
| // Otherwise, we have an ExitErorr, meaning we can just read |
| // the exit status |
| log.Printf("[ERROR] %s", exitErr) |
| |
| // If we exited with status 127, it means SCP isn't available. |
| // Return a more descriptive error for that. |
| if exitErr.ExitStatus() == 127 { |
| return errors.New( |
| "SCP failed to start. This usually means that SCP is not\n" + |
| "properly installed on the remote system.") |
| } |
| } |
| |
| return err |
| } |
| |
| return nil |
| } |
| |
| // checkSCPStatus checks that a prior command sent to SCP completed |
| // successfully. If it did not complete successfully, an error will |
| // be returned. |
| func checkSCPStatus(r *bufio.Reader) error { |
| code, err := r.ReadByte() |
| if err != nil { |
| return err |
| } |
| |
| if code != 0 { |
| // Treat any non-zero (really 1 and 2) as fatal errors |
| message, _, err := r.ReadLine() |
| if err != nil { |
| return fmt.Errorf("Error reading error message: %s", err) |
| } |
| |
| return errors.New(string(message)) |
| } |
| |
| return nil |
| } |
| |
| var testUploadSizeHook func(size int64) |
| |
| func scpUploadFile(dst string, src io.Reader, w io.Writer, r *bufio.Reader, size int64) error { |
| if testUploadSizeHook != nil { |
| testUploadSizeHook(size) |
| } |
| |
| if size == 0 { |
| // Create a temporary file where we can copy the contents of the src |
| // so that we can determine the length, since SCP is length-prefixed. |
| tf, err := ioutil.TempFile("", "terraform-upload") |
| if err != nil { |
| return fmt.Errorf("Error creating temporary file for upload: %s", err) |
| } |
| defer os.Remove(tf.Name()) |
| defer tf.Close() |
| |
| log.Println("[DEBUG] Copying input data into temporary file so we can read the length") |
| if _, err := io.Copy(tf, src); err != nil { |
| return err |
| } |
| |
| // Sync the file so that the contents are definitely on disk, then |
| // read the length of it. |
| if err := tf.Sync(); err != nil { |
| return fmt.Errorf("Error creating temporary file for upload: %s", err) |
| } |
| |
| // Seek the file to the beginning so we can re-read all of it |
| if _, err := tf.Seek(0, 0); err != nil { |
| return fmt.Errorf("Error creating temporary file for upload: %s", err) |
| } |
| |
| fi, err := tf.Stat() |
| if err != nil { |
| return fmt.Errorf("Error creating temporary file for upload: %s", err) |
| } |
| |
| src = tf |
| size = fi.Size() |
| } |
| |
| // Start the protocol |
| log.Println("[DEBUG] Beginning file upload...") |
| fmt.Fprintln(w, "C0644", size, dst) |
| if err := checkSCPStatus(r); err != nil { |
| return err |
| } |
| |
| if _, err := io.Copy(w, src); err != nil { |
| return err |
| } |
| |
| fmt.Fprint(w, "\x00") |
| if err := checkSCPStatus(r); err != nil { |
| return err |
| } |
| |
| return nil |
| } |
| |
| func scpUploadDirProtocol(name string, w io.Writer, r *bufio.Reader, f func() error) error { |
| log.Printf("[DEBUG] SCP: starting directory upload: %s", name) |
| fmt.Fprintln(w, "D0755 0", name) |
| err := checkSCPStatus(r) |
| if err != nil { |
| return err |
| } |
| |
| if err := f(); err != nil { |
| return err |
| } |
| |
| fmt.Fprintln(w, "E") |
| if err != nil { |
| return err |
| } |
| |
| return nil |
| } |
| |
| func scpUploadDir(root string, fs []os.FileInfo, w io.Writer, r *bufio.Reader) error { |
| for _, fi := range fs { |
| realPath := filepath.Join(root, fi.Name()) |
| |
| // Track if this is actually a symlink to a directory. If it is |
| // a symlink to a file we don't do any special behavior because uploading |
| // a file just works. If it is a directory, we need to know so we |
| // treat it as such. |
| isSymlinkToDir := false |
| if fi.Mode()&os.ModeSymlink == os.ModeSymlink { |
| symPath, err := filepath.EvalSymlinks(realPath) |
| if err != nil { |
| return err |
| } |
| |
| symFi, err := os.Lstat(symPath) |
| if err != nil { |
| return err |
| } |
| |
| isSymlinkToDir = symFi.IsDir() |
| } |
| |
| if !fi.IsDir() && !isSymlinkToDir { |
| // It is a regular file (or symlink to a file), just upload it |
| f, err := os.Open(realPath) |
| if err != nil { |
| return err |
| } |
| |
| err = func() error { |
| defer f.Close() |
| return scpUploadFile(fi.Name(), f, w, r, fi.Size()) |
| }() |
| |
| if err != nil { |
| return err |
| } |
| |
| continue |
| } |
| |
| // It is a directory, recursively upload |
| err := scpUploadDirProtocol(fi.Name(), w, r, func() error { |
| f, err := os.Open(realPath) |
| if err != nil { |
| return err |
| } |
| defer f.Close() |
| |
| entries, err := f.Readdir(-1) |
| if err != nil { |
| return err |
| } |
| |
| return scpUploadDir(realPath, entries, w, r) |
| }) |
| if err != nil { |
| return err |
| } |
| } |
| |
| return nil |
| } |
| |
| // ConnectFunc is a convenience method for returning a function |
| // that just uses net.Dial to communicate with the remote end that |
| // is suitable for use with the SSH communicator configuration. |
| func ConnectFunc(network, addr string, p *proxyInfo) func() (net.Conn, error) { |
| return func() (net.Conn, error) { |
| var c net.Conn |
| var err error |
| |
| // Wrap connection to host if proxy server is configured |
| if p != nil { |
| RegisterDialerType() |
| c, err = newHttpProxyConn(p, addr) |
| } else { |
| c, err = net.DialTimeout(network, addr, 15*time.Second) |
| } |
| |
| if err != nil { |
| return nil, err |
| } |
| |
| if tcpConn, ok := c.(*net.TCPConn); ok { |
| tcpConn.SetKeepAlive(true) |
| } |
| |
| return c, nil |
| } |
| } |
| |
| // BastionConnectFunc is a convenience method for returning a function |
| // that connects to a host over a bastion connection. |
| func BastionConnectFunc( |
| bProto string, |
| bAddr string, |
| bConf *ssh.ClientConfig, |
| proto string, |
| addr string, |
| p *proxyInfo) func() (net.Conn, error) { |
| return func() (net.Conn, error) { |
| log.Printf("[DEBUG] Connecting to bastion: %s", bAddr) |
| var bastion *ssh.Client |
| var err error |
| |
| // Wrap connection to bastion server if proxy server is configured |
| if p != nil { |
| var pConn net.Conn |
| var bConn ssh.Conn |
| var bChans <-chan ssh.NewChannel |
| var bReq <-chan *ssh.Request |
| |
| RegisterDialerType() |
| pConn, err = newHttpProxyConn(p, bAddr) |
| |
| if err != nil { |
| return nil, fmt.Errorf("Error connecting to proxy: %s", err) |
| } |
| |
| bConn, bChans, bReq, err = ssh.NewClientConn(pConn, bAddr, bConf) |
| |
| if err != nil { |
| return nil, fmt.Errorf("Error creating new client connection via proxy: %s", err) |
| } |
| |
| bastion = ssh.NewClient(bConn, bChans, bReq) |
| } else { |
| bastion, err = ssh.Dial(bProto, bAddr, bConf) |
| } |
| |
| if err != nil { |
| return nil, fmt.Errorf("Error connecting to bastion: %s", err) |
| } |
| |
| log.Printf("[DEBUG] Connecting via bastion (%s) to host: %s", bAddr, addr) |
| conn, err := bastion.Dial(proto, addr) |
| if err != nil { |
| bastion.Close() |
| return nil, err |
| } |
| |
| // Wrap it up so we close both things properly |
| return &bastionConn{ |
| Conn: conn, |
| Bastion: bastion, |
| }, nil |
| } |
| } |
| |
| type bastionConn struct { |
| net.Conn |
| Bastion *ssh.Client |
| } |
| |
| func (c *bastionConn) Close() error { |
| c.Conn.Close() |
| return c.Bastion.Close() |
| } |
| |
| func quoteShell(args []string, targetPlatform string) (string, error) { |
| if targetPlatform == TargetPlatformUnix { |
| return shquot.POSIXShell(args), nil |
| } |
| if targetPlatform == TargetPlatformWindows { |
| return shquot.WindowsArgv(args), nil |
| } |
| |
| return "", fmt.Errorf("Cannot quote shell command, target platform unknown: %s", targetPlatform) |
| |
| } |