RubyGems - smart_proxy_remote_execution_ssh - Versions diffs - 0.2.0 → 0.2.1 - Mend

smart_proxy_remote_execution_ssh 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/lib/smart_proxy_remote_execution_ssh/api.rb +13 -0
data/lib/smart_proxy_remote_execution_ssh/cockpit.rb +252 -0
data/lib/smart_proxy_remote_execution_ssh/plugin.rb +1 -0
data/lib/smart_proxy_remote_execution_ssh/version.rb +1 -1
data/lib/smart_proxy_remote_execution_ssh/webrick_ext.rb +11 -0
data/lib/smart_proxy_remote_execution_ssh.rb +1 -0
metadata +19 -3

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b8dc1047c21ec17cf7485df70ef6bf56fa5eff1d05b1e1ba5cc38f334a4c6ed1
-  data.tar.gz: b262ea28dc1bd77278a83134afbe334d6c2a413977eacf3eb6fd6e877123164b
+  metadata.gz: 81a9638ca473014a1f61251fa81823fb907cf725ae0b56a5921c0ad96c6b39be
+  data.tar.gz: 850685e0501af25d38a42061e1422db61b28fe99d2f56aff6edcdfd5501eb69c
 SHA512:
-  metadata.gz: 4e0b5ddece76bc8bbcf24300d3e80dfe75244f6e11333dc247c63a2f6a2216ca9915e7765f24aedcd781eb14e3dadd43142f64c02b44ab63a1ee4ec5c37fbd96
-  data.tar.gz: ef98b2d1813f30d0ce5f35c79497e40ffabc73534f770fd2b82f10bbd03d996833a5f999fdd937177b3c639daa0bacd3908d2610c9a3c63ea565369bf9cec0c5
+  metadata.gz: ce27e71082ff1eed48c4b32bedaf6ea6f8a2998bae010e154938b24de3704ff8297e1000ca3b75a33fc76c46593f555c10236b7a9cb38389322d65d05466cd08
+  data.tar.gz: c733a1a0a5865180b3e62a9b10d2bff8e38dca375fed0acc3a0cb80202784d0dec6b185919d00e8e096d55b8c9ef4c6353d376cc06fae99c307094123dbd6255

data/lib/smart_proxy_remote_execution_ssh/api.rb CHANGED Viewed

@@ -1,9 +1,22 @@
 module Proxy::RemoteExecution
   module Ssh
     class Api < ::Sinatra::Base
+      include Sinatra::Authorization::Helpers
       get "/pubkey" do
         File.read(Ssh.public_key_file)
       end
+      post "/session" do
+        do_authorize_any
+        session = Cockpit::Session.new(env)
+        unless session.valid?
+          return [ 400, "Invalid request: /ssh/session requires connection upgrade to 'raw'" ]
+        end
+        session.hijack!
+        101
+      end
     end
   end
 end

data/lib/smart_proxy_remote_execution_ssh/cockpit.rb ADDED Viewed

@@ -0,0 +1,252 @@
+require 'net/ssh'
+require 'forwardable'
+module Proxy::RemoteExecution
+  module Cockpit
+    # A wrapper class around different kind of sockets to comply with Net::SSH event loop
+    class BufferedSocket
+      include Net::SSH::BufferedIo
+      extend Forwardable
+      # The list of methods taken from OpenSSL::SSL::SocketForwarder for the object to act like a socket
+      def_delegators(:@socket, :to_io, :addr, :peeraddr, :setsockopt, :getsockopt, :fcntl, :close, :closed?, :do_not_reverse_lookup=)
+      def initialize(socket)
+        @socket = socket
+        initialize_buffered_io
+      end
+      def recv
+        raise NotImplementedError
+      end
+      def send
+        raise NotImplementedError
+      end
+      def self.applies_for?(socket)
+        raise NotImplementedError
+      end
+      def self.build(socket)
+        klass = [OpenSSLBufferedSocket, StandardBufferedSocket].find do |potential_class|
+          potential_class.applies_for?(socket)
+        end
+        raise "No suitable implementation of buffered socket available for #{socket.inspect}" unless klass
+        klass.new(socket)
+      end
+    end
+    class StandardBufferedSocket < BufferedSocket
+      def_delegators(:@socket, :send, :recv)
+      def self.applies_for?(socket)
+        socket.respond_to?(:send) && socket.respond_to?(:recv)
+      end
+    end
+    class OpenSSLBufferedSocket < BufferedSocket
+      def self.applies_for?(socket)
+        socket.is_a? ::OpenSSL::SSL::SSLSocket
+      end
+      def_delegators(:@socket, :read_nonblock, :write_nonblock, :close)
+      def recv(n)
+        res = ""
+        begin
+          # To drain a SSLSocket before we can go back to the event
+          # loop, we need to repeatedly call read_nonblock; a single
+          # call is not enough.
+          while true
+            res += @socket.read_nonblock(n)
+          end
+        rescue IO::WaitReadable
+          # Sometimes there is no payload after reading everything
+          # from the underlying socket, but a empty string is treated
+          # as EOF by Net::SSH. So we block a bit until we have
+          # something to return.
+          if res == ""
+            IO.select([@socket.to_io])
+            retry
+          else
+            res
+          end
+        rescue IO::WaitWritable
+          # A renegotiation is happening, let it proceed.
+          IO.select(nil, [@socket.to_io])
+          retry
+        end
+      end
+      def send(mesg, flags)
+        begin
+          @socket.write_nonblock(mesg)
+        rescue IO::WaitWritable
+          0
+        rescue IO::WaitReadable
+          IO.select([@socket.to_io])
+          retry
+        end
+      end
+    end
+    class Session
+      include ::Proxy::Log
+      def initialize(env)
+        @env = env
+      end
+      def valid?
+        @env["HTTP_CONNECTION"] == "upgrade" && @env["HTTP_UPGRADE"].to_s.split(',').any? { |part| part.strip == "raw" }
+      end
+      def hijack!
+        @socket = nil
+        if @env['WEBRICK_SOCKET']
+          @socket = @env['WEBRICK_SOCKET']
+        elsif @env['rack.hijack?']
+          begin
+            @env['rack.hijack'].call
+          rescue NotImplementedError
+          end
+          @socket = @env['rack.hijack_io']
+        end
+        raise 'Internal error: request hijacking not available' unless @socket
+        ssh_on_socket
+      end
+      private
+      def ssh_on_socket
+        with_error_handling { start_ssh_loop }
+      end
+      def with_error_handling
+        yield
+      rescue Net::SSH::AuthenticationFailed => e
+        send_error(401, e.message)
+      rescue Errno::EHOSTUNREACH
+        send_error(400, "No route to #{host}")
+      rescue SystemCallError => e
+        send_error(400, e.message)
+      rescue SocketError => e
+        send_error(400, e.message)
+      rescue Exception => e
+        logger.error e.message
+        logger.debug e.backtrace.join("\n")
+        send_error(500, "Internal error") unless @started
+      ensure
+        unless buf_socket.closed?
+          buf_socket.wait_for_pending_sends
+          buf_socket.close
+        end
+      end
+      def start_ssh_loop
+        err_buf = ""
+        Net::SSH.start(host, ssh_user, ssh_options) do |ssh|
+          channel = ssh.open_channel do |ch|
+            ch.exec(command) do |ch, success|
+              raise "could not execute command" unless success
+              ssh.listen_to(buf_socket)
+              ch.on_process do
+                if buf_socket.available > 0
+                  ch.send_data(buf_socket.read_available)
+                end
+                if buf_socket.closed?
+                  ch.close
+                end
+              end
+              ch.on_data do |ch2, data|
+                send_start
+                buf_socket.enqueue(data)
+              end
+              ch.on_request('exit-status') do |ch, data|
+                code = data.read_long
+                send_start.call if code.zero?
+                err_buf += "Process exited with code #{code}.\r\n"
+                ch.close
+              end
+              ch.on_request('exit-signal') do |ch, data|
+                err_buf += "Process was terminated with signal #{data.read_string}.\r\n"
+                ch.close
+              end
+              ch.on_extended_data do |ch2, type, data|
+                err_buf += data
+              end
+            end
+          end
+          channel.wait
+          send_error(400, err_buf) unless @started
+        end
+      end
+      def send_start
+        unless @started
+          @started = true
+          buf_socket.enqueue("Status: 101\r\n")
+          buf_socket.enqueue("Connection: upgrade\r\n")
+          buf_socket.enqueue("Upgrade: raw\r\n")
+          buf_socket.enqueue("\r\n")
+        end
+      end
+      def send_error(code, msg)
+        buf_socket.enqueue("Status: #{code}\r\n")
+        buf_socket.enqueue("Connection: close\r\n")
+        buf_socket.enqueue("\r\n")
+        buf_socket.enqueue(msg)
+      end
+      def params
+        @params ||= MultiJson.load(@env["rack.input"].read)
+      end
+      def key_file
+        @key_file ||= Proxy::RemoteExecution::Ssh.private_key_file
+      end
+      def buf_socket
+        @buffered_socket ||= BufferedSocket.build(@socket)
+      end
+      def command
+        params["command"]
+      end
+      def ssh_user
+        params["ssh_user"]
+      end
+      def host
+        params["hostname"]
+      end
+      def ssh_options
+        auth_methods = %w(publickey)
+        auth_methods.unshift('password') if params["ssh_password"]
+        ret = { }
+        ret[:port] = params["ssh_port"] if params["ssh_port"]
+        ret[:keys] = [ key_file ] if key_file
+        ret[:password] = params["ssh_password"] if params["ssh_password"]
+        ret[:passphrase] = params[:ssh_key_passphrase] if params[:ssh_key_passphrase]
+        ret[:keys_only] = true
+        ret[:auth_methods] = auth_methods
+        ret[:verify_host_key] = true
+        ret[:number_of_password_prompts] = 1
+        ret
+      end
+    end
+  end
+end

data/lib/smart_proxy_remote_execution_ssh/plugin.rb CHANGED Viewed

@@ -15,6 +15,7 @@ module Proxy::RemoteExecution::Ssh
     after_activation do
       require 'smart_proxy_dynflow'
       require 'smart_proxy_remote_execution_ssh/version'
+      require 'smart_proxy_remote_execution_ssh/cockpit'
       require 'smart_proxy_remote_execution_ssh/api'
       begin

data/lib/smart_proxy_remote_execution_ssh/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module Proxy
   module RemoteExecution
     module Ssh
-      VERSION = '0.2.0'
+      VERSION = '0.2.1'
     end
   end
 end

data/lib/smart_proxy_remote_execution_ssh/webrick_ext.rb ADDED Viewed

@@ -0,0 +1,11 @@
+module SmartProxyRemoteExecutionSsh
+  module WEBrickExt
+    # An extension to ::WEBrick::HTTPRequest to expost the socket object for highjacking for cockpit
+    module HTTPRequestExt
+      def meta_vars
+        super.merge('WEBRICK_SOCKET' => @socket)
+      end
+    end
+  end
+  ::WEBrick::HTTPRequest.send(:prepend, WEBrickExt::HTTPRequestExt)
+end

data/lib/smart_proxy_remote_execution_ssh.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require 'smart_proxy_remote_execution_ssh/version'
 require 'smart_proxy_dynflow'
+require 'smart_proxy_remote_execution_ssh/webrick_ext'
 require 'smart_proxy_remote_execution_ssh/plugin'
 module Proxy::RemoteExecution

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_remote_execution_ssh
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Ivan Nečas
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-04-06 00:00:00.000000000 Z
+date: 2019-04-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -128,6 +128,20 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: 0.3.0
+- !ruby/object:Gem::Dependency
+  name: net-ssh
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: "    Ssh remote execution provider for Foreman Smart-Proxy\n"
 email:
 - inecas@redhat.com
@@ -142,9 +156,11 @@ files:
 - bundler.plugins.d/remote_execution_ssh.rb
 - lib/smart_proxy_remote_execution_ssh.rb
 - lib/smart_proxy_remote_execution_ssh/api.rb
+- lib/smart_proxy_remote_execution_ssh/cockpit.rb
 - lib/smart_proxy_remote_execution_ssh/http_config.ru
 - lib/smart_proxy_remote_execution_ssh/plugin.rb
 - lib/smart_proxy_remote_execution_ssh/version.rb
+- lib/smart_proxy_remote_execution_ssh/webrick_ext.rb
 - settings.d/remote_execution_ssh.yml.example
 homepage: https://github.com/theforeman/smart_proxy_remote_execution_ssh
 licenses:
@@ -166,7 +182,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.7.3
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: Ssh remote execution provider for Foreman Smart-Proxy