RubyGems - smart_proxy_remote_execution_ssh - Versions diffs - 0.2.0 → 0.2.1 - Mend

smart_proxy_remote_execution_ssh 0.2.0 → 0.2.1

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/smart_proxy_remote_execution_ssh/api.rb +13 -0
data/lib/smart_proxy_remote_execution_ssh/cockpit.rb +252 -0
data/lib/smart_proxy_remote_execution_ssh/plugin.rb +1 -0
data/lib/smart_proxy_remote_execution_ssh/version.rb +1 -1
data/lib/smart_proxy_remote_execution_ssh/webrick_ext.rb +11 -0
data/lib/smart_proxy_remote_execution_ssh.rb +1 -0
metadata +19 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b8dc1047c21ec17cf7485df70ef6bf56fa5eff1d05b1e1ba5cc38f334a4c6ed1
-  data.tar.gz: b262ea28dc1bd77278a83134afbe334d6c2a413977eacf3eb6fd6e877123164b
+  metadata.gz: 81a9638ca473014a1f61251fa81823fb907cf725ae0b56a5921c0ad96c6b39be
+  data.tar.gz: 850685e0501af25d38a42061e1422db61b28fe99d2f56aff6edcdfd5501eb69c
 SHA512:
-  metadata.gz: 4e0b5ddece76bc8bbcf24300d3e80dfe75244f6e11333dc247c63a2f6a2216ca9915e7765f24aedcd781eb14e3dadd43142f64c02b44ab63a1ee4ec5c37fbd96
-  data.tar.gz: ef98b2d1813f30d0ce5f35c79497e40ffabc73534f770fd2b82f10bbd03d996833a5f999fdd937177b3c639daa0bacd3908d2610c9a3c63ea565369bf9cec0c5
+  metadata.gz: ce27e71082ff1eed48c4b32bedaf6ea6f8a2998bae010e154938b24de3704ff8297e1000ca3b75a33fc76c46593f555c10236b7a9cb38389322d65d05466cd08
+  data.tar.gz: c733a1a0a5865180b3e62a9b10d2bff8e38dca375fed0acc3a0cb80202784d0dec6b185919d00e8e096d55b8c9ef4c6353d376cc06fae99c307094123dbd6255

data/lib/smart_proxy_remote_execution_ssh/api.rb CHANGED Viewed

@@ -1,9 +1,22 @@
 module Proxy::RemoteExecution
   module Ssh
     class Api < ::Sinatra::Base
+      include Sinatra::Authorization::Helpers
       get "/pubkey" do
         File.read(Ssh.public_key_file)
       end
+      post "/session" do
+        do_authorize_any
+        session = Cockpit::Session.new(env)
+        unless session.valid?
+          return [ 400, "Invalid request: /ssh/session requires connection upgrade to 'raw'" ]
+        end
+        session.hijack!
+        101
+      end
     end
   end
 end

data/lib/smart_proxy_remote_execution_ssh/cockpit.rb ADDED Viewed

@@ -0,0 +1,252 @@
+require 'net/ssh'
+require 'forwardable'
+module Proxy::RemoteExecution
+  module Cockpit
+    # A wrapper class around different kind of sockets to comply with Net::SSH event loop
+    class BufferedSocket
+      include Net::SSH::BufferedIo
+      extend Forwardable
+      # The list of methods taken from OpenSSL::SSL::SocketForwarder for the object to act like a socket
+      def_delegators(:@socket, :to_io, :addr, :peeraddr, :setsockopt, :getsockopt, :fcntl, :close, :closed?, :do_not_reverse_lookup=)
+      def initialize(socket)
+        @socket = socket
+        initialize_buffered_io
+      end
+      def recv
+        raise NotImplementedError
+      end
+      def send
+        raise NotImplementedError
+      end
+      def self.applies_for?(socket)
+        raise NotImplementedError
+      end
+      def self.build(socket)
+        klass = [OpenSSLBufferedSocket, StandardBufferedSocket].find do |potential_class|
+          potential_class.applies_for?(socket)
+        end
+        raise "No suitable implementation of buffered socket available for #{socket.inspect}" unless klass
+        klass.new(socket)
+      end
+    end
+    class StandardBufferedSocket < BufferedSocket
+      def_delegators(:@socket, :send, :recv)
+      def self.applies_for?(socket)
+        socket.respond_to?(:send) && socket.respond_to?(:recv)
+      end
+    end
+    class OpenSSLBufferedSocket < BufferedSocket
+      def self.applies_for?(socket)
+        socket.is_a? ::OpenSSL::SSL::SSLSocket
+      end
+      def_delegators(:@socket, :read_nonblock, :write_nonblock, :close)
+      def recv(n)
+        res = ""
+        begin
+          # To drain a SSLSocket before we can go back to the event
+          # loop, we need to repeatedly call read_nonblock; a single
+          # call is not enough.
+          while true
+            res += @socket.read_nonblock(n)
+          end
+        rescue IO::WaitReadable
+          # Sometimes there is no payload after reading everything
+          # from the underlying socket, but a empty string is treated
+          # as EOF by Net::SSH. So we block a bit until we have
+          # something to return.
+          if res == ""
+            IO.select([@socket.to_io])
+            retry
+          else
+            res
+          end
+        rescue IO::WaitWritable
+          # A renegotiation is happening, let it proceed.
+          IO.select(nil, [@socket.to_io])
+          retry
+        end
+      end
+      def send(mesg, flags)
+        begin
+          @socket.write_nonblock(mesg)
+        rescue IO::WaitWritable
+          0
+        rescue IO::WaitReadable
+          IO.select([@socket.to_io])
+          retry
+        end
+      end
+    end
+    class Session
+      include ::Proxy::Log
+      def initialize(env)
+        @env = env
+      end
+      def valid?
+        @env["HTTP_CONNECTION"] == "upgrade" && @env["HTTP_UPGRADE"].to_s.split(',').any? { |part| part.strip == "raw" }
+      end
+      def hijack!
+        @socket = nil
+        if @env['WEBRICK_SOCKET']
+          @socket = @env['WEBRICK_SOCKET']
+        elsif @env['rack.hijack?']
+          begin
+            @env['rack.hijack'].call
+          rescue NotImplementedError
+          end
+          @socket = @env['rack.hijack_io']
+        end
+        raise 'Internal error: request hijacking not available' unless @socket
+        ssh_on_socket
+      end
+      private
+      def ssh_on_socket
+        with_error_handling { start_ssh_loop }
+      end
+      def with_error_handling
+        yield
+      rescue Net::SSH::AuthenticationFailed => e
+        send_error(401, e.message)
+      rescue Errno::EHOSTUNREACH
+        send_error(400, "No route to #{host}")
+      rescue SystemCallError => e
+        send_error(400, e.message)
+      rescue SocketError => e
+        send_error(400, e.message)
+      rescue Exception => e
+        logger.error e.message
+        logger.debug e.backtrace.join("\n")
+        send_error(500, "Internal error") unless @started
+      ensure
+        unless buf_socket.closed?
+          buf_socket.wait_for_pending_sends
+          buf_socket.close
+        end
+      end
+      def start_ssh_loop
+        err_buf = ""
+        Net::SSH.start(host, ssh_user, ssh_options) do |ssh|
+          channel = ssh.open_channel do |ch|
+            ch.exec(command) do |ch, success|
+              raise "could not execute command" unless success
+              ssh.listen_to(buf_socket)
+              ch.on_process do
+                if buf_socket.available > 0
+                  ch.send_data(buf_socket.read_available)
+                end
+                if buf_socket.closed?
+                  ch.close
+                end
+              end
+              ch.on_data do |ch2, data|
+                send_start
+                buf_socket.enqueue(data)
+              end
+              ch.on_request('exit-status') do |ch, data|
+                code = data.read_long
+                send_start.call if code.zero?
+                err_buf += "Process exited with code #{code}.\r\n"
+                ch.close
+              end
+              ch.on_request('exit-signal') do |ch, data|
+                err_buf += "Process was terminated with signal #{data.read_string}.\r\n"
+                ch.close
+              end
+              ch.on_extended_data do |ch2, type, data|
+                err_buf += data
+              end
+            end
+          end
+          channel.wait
+          send_error(400, err_buf) unless @started
+        end
+      end
+      def send_start
+        unless @started
+          @started = true
+          buf_socket.enqueue("Status: 101\r\n")
+          buf_socket.enqueue("Connection: upgrade\r\n")
+          buf_socket.enqueue("Upgrade: raw\r\n")
+          buf_socket.enqueue("\r\n")
+        end
+      end
+      def send_error(code, msg)
+        buf_socket.enqueue("Status: #{code}\r\n")
+        buf_socket.enqueue("Connection: close\r\n")
+        buf_socket.enqueue("\r\n")
+        buf_socket.enqueue(msg)
+      end
+      def params
+        @params ||= MultiJson.load(@env["rack.input"].read)
+      end
+      def key_file
+        @key_file ||= Proxy::RemoteExecution::Ssh.private_key_file
+      end
+      def buf_socket
+        @buffered_socket ||= BufferedSocket.build(@socket)
+      end
+      def command
+        params["command"]
+      end
+      def ssh_user
+        params["ssh_user"]
+      end
+      def host
+        params["hostname"]
+      end
+      def ssh_options
+        auth_methods = %w(publickey)
+        auth_methods.unshift('password') if params["ssh_password"]
+        ret = { }
+        ret[:port] = params["ssh_port"] if params["ssh_port"]
+        ret[:keys] = [ key_file ] if key_file
+        ret[:password] = params["ssh_password"] if params["ssh_password"]
+        ret[:passphrase] = params[:ssh_key_passphrase] if params[:ssh_key_passphrase]
+        ret[:keys_only] = true
+        ret[:auth_methods] = auth_methods
+        ret[:verify_host_key] = true
+        ret[:number_of_password_prompts] = 1
+        ret
+      end
+    end
+  end
+end

data/lib/smart_proxy_remote_execution_ssh/plugin.rb CHANGED Viewed

@@ -15,6 +15,7 @@ module Proxy::RemoteExecution::Ssh
     after_activation do
       require 'smart_proxy_dynflow'
       require 'smart_proxy_remote_execution_ssh/version'
+      require 'smart_proxy_remote_execution_ssh/cockpit'
       require 'smart_proxy_remote_execution_ssh/api'
       begin

data/lib/smart_proxy_remote_execution_ssh/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Proxy
   module RemoteExecution
     module Ssh
-      VERSION = '0.2.0'
+      VERSION = '0.2.1'
     end
   end
 end

data/lib/smart_proxy_remote_execution_ssh/webrick_ext.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module SmartProxyRemoteExecutionSsh
+  module WEBrickExt
+    # An extension to ::WEBrick::HTTPRequest to expost the socket object for highjacking for cockpit
+    module HTTPRequestExt
+      def meta_vars
+        super.merge('WEBRICK_SOCKET' => @socket)
+      end
+    end
+  end
+  ::WEBrick::HTTPRequest.send(:prepend, WEBrickExt::HTTPRequestExt)
+end

data/lib/smart_proxy_remote_execution_ssh.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require 'smart_proxy_remote_execution_ssh/version'
 require 'smart_proxy_dynflow'
+require 'smart_proxy_remote_execution_ssh/webrick_ext'
 require 'smart_proxy_remote_execution_ssh/plugin'
 module Proxy::RemoteExecution

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_remote_execution_ssh
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Ivan Nečas
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-04-06 00:00:00.000000000 Z
+date: 2019-04-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -128,6 +128,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: 0.3.0
+- !ruby/object:Gem::Dependency
+  name: net-ssh
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: "    Ssh remote execution provider for Foreman Smart-Proxy\n"
 email:
 - inecas@redhat.com
@@ -142,9 +156,11 @@ files:
 - bundler.plugins.d/remote_execution_ssh.rb
 - lib/smart_proxy_remote_execution_ssh.rb
 - lib/smart_proxy_remote_execution_ssh/api.rb
+- lib/smart_proxy_remote_execution_ssh/cockpit.rb
 - lib/smart_proxy_remote_execution_ssh/http_config.ru
 - lib/smart_proxy_remote_execution_ssh/plugin.rb
 - lib/smart_proxy_remote_execution_ssh/version.rb
+- lib/smart_proxy_remote_execution_ssh/webrick_ext.rb
 - settings.d/remote_execution_ssh.yml.example
 homepage: https://github.com/theforeman/smart_proxy_remote_execution_ssh
 licenses:
@@ -166,7 +182,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.3
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: Ssh remote execution provider for Foreman Smart-Proxy