mirror of
https://github.com/tailscale/tailscale.git
synced 2025-11-04 02:01:14 +01:00
f0347e841f
The io/ioutil package has been deprecated as of Go 1.16 [1]. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Reference: https://golang.org/doc/go1.16#ioutil Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
84 lines
2.0 KiB
Go
84 lines
2.0 KiB
Go
package ssh
|
|
|
|
import (
|
|
"io"
|
|
"net"
|
|
"os"
|
|
"path"
|
|
"sync"
|
|
|
|
gossh "github.com/tailscale/golang-x-crypto/ssh"
|
|
)
|
|
|
|
const (
|
|
agentRequestType = "auth-agent-req@openssh.com"
|
|
agentChannelType = "auth-agent@openssh.com"
|
|
|
|
agentTempDir = "auth-agent"
|
|
agentListenFile = "listener.sock"
|
|
)
|
|
|
|
// contextKeyAgentRequest is an internal context key for storing if the
|
|
// client requested agent forwarding
|
|
var contextKeyAgentRequest = &contextKey{"auth-agent-req"}
|
|
|
|
// SetAgentRequested sets up the session context so that AgentRequested
|
|
// returns true.
|
|
func SetAgentRequested(ctx Context) {
|
|
ctx.SetValue(contextKeyAgentRequest, true)
|
|
}
|
|
|
|
// AgentRequested returns true if the client requested agent forwarding.
|
|
func AgentRequested(sess Session) bool {
|
|
return sess.Context().Value(contextKeyAgentRequest) == true
|
|
}
|
|
|
|
// NewAgentListener sets up a temporary Unix socket that can be communicated
|
|
// to the session environment and used for forwarding connections.
|
|
func NewAgentListener() (net.Listener, error) {
|
|
dir, err := os.MkdirTemp("", agentTempDir)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
l, err := net.Listen("unix", path.Join(dir, agentListenFile))
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return l, nil
|
|
}
|
|
|
|
// ForwardAgentConnections takes connections from a listener to proxy into the
|
|
// session on the OpenSSH channel for agent connections. It blocks and services
|
|
// connections until the listener stop accepting.
|
|
func ForwardAgentConnections(l net.Listener, s Session) {
|
|
sshConn := s.Context().Value(ContextKeyConn).(gossh.Conn)
|
|
for {
|
|
conn, err := l.Accept()
|
|
if err != nil {
|
|
return
|
|
}
|
|
go func(conn net.Conn) {
|
|
defer conn.Close()
|
|
channel, reqs, err := sshConn.OpenChannel(agentChannelType, nil)
|
|
if err != nil {
|
|
return
|
|
}
|
|
defer channel.Close()
|
|
go gossh.DiscardRequests(reqs)
|
|
var wg sync.WaitGroup
|
|
wg.Add(2)
|
|
go func() {
|
|
io.Copy(conn, channel)
|
|
conn.(*net.UnixConn).CloseWrite()
|
|
wg.Done()
|
|
}()
|
|
go func() {
|
|
io.Copy(channel, conn)
|
|
channel.CloseWrite()
|
|
wg.Done()
|
|
}()
|
|
wg.Wait()
|
|
}(conn)
|
|
}
|
|
}
|