2017-03-03 18:05:50 +00:00
|
|
|
#include "ssh.hh"
|
2023-03-09 14:16:29 +00:00
|
|
|
#include "finally.hh"
|
2017-03-03 18:05:50 +00:00
|
|
|
|
|
|
|
namespace nix {
|
|
|
|
|
2021-02-25 01:52:22 +00:00
|
|
|
SSHMaster::SSHMaster(const std::string & host, const std::string & keyFile, const std::string & sshPublicHostKey, bool useMaster, bool compress, int logFD)
|
2017-08-11 11:55:41 +00:00
|
|
|
: host(host)
|
2018-08-03 16:12:28 +00:00
|
|
|
, fakeSSH(host == "localhost")
|
2017-08-11 11:55:41 +00:00
|
|
|
, keyFile(keyFile)
|
2021-02-25 01:52:22 +00:00
|
|
|
, sshPublicHostKey(sshPublicHostKey)
|
2018-08-03 16:12:28 +00:00
|
|
|
, useMaster(useMaster && !fakeSSH)
|
2017-08-11 11:55:41 +00:00
|
|
|
, compress(compress)
|
|
|
|
, logFD(logFD)
|
|
|
|
{
|
|
|
|
if (host == "" || hasPrefix(host, "-"))
|
|
|
|
throw Error("invalid SSH host name '%s'", host);
|
2021-02-25 01:52:22 +00:00
|
|
|
|
|
|
|
auto state(state_.lock());
|
|
|
|
state->tmpDir = std::make_unique<AutoDelete>(createTempDir("", "nix", true, true, 0700));
|
2017-08-11 11:55:41 +00:00
|
|
|
}
|
|
|
|
|
2017-03-21 13:35:50 +00:00
|
|
|
void SSHMaster::addCommonSSHOpts(Strings & args)
|
|
|
|
{
|
2021-02-25 01:52:22 +00:00
|
|
|
auto state(state_.lock());
|
|
|
|
|
2019-11-22 15:06:44 +00:00
|
|
|
for (auto & i : tokenizeString<Strings>(getEnv("NIX_SSHOPTS").value_or("")))
|
2017-03-21 13:35:50 +00:00
|
|
|
args.push_back(i);
|
|
|
|
if (!keyFile.empty())
|
|
|
|
args.insert(args.end(), {"-i", keyFile});
|
2021-02-25 01:52:22 +00:00
|
|
|
if (!sshPublicHostKey.empty()) {
|
|
|
|
Path fileName = (Path) *state->tmpDir + "/host-key";
|
|
|
|
auto p = host.rfind("@");
|
2022-02-25 15:00:00 +00:00
|
|
|
std::string thost = p != std::string::npos ? std::string(host, p + 1) : host;
|
2021-02-25 01:52:22 +00:00
|
|
|
writeFile(fileName, thost + " " + base64Decode(sshPublicHostKey) + "\n");
|
|
|
|
args.insert(args.end(), {"-oUserKnownHostsFile=" + fileName});
|
|
|
|
}
|
2017-03-21 13:35:50 +00:00
|
|
|
if (compress)
|
|
|
|
args.push_back("-C");
|
2023-03-09 14:16:29 +00:00
|
|
|
|
|
|
|
args.push_back("-oPermitLocalCommand=yes");
|
|
|
|
args.push_back("-oLocalCommand=echo started");
|
2017-03-21 13:35:50 +00:00
|
|
|
}
|
|
|
|
|
2023-05-16 12:48:04 +00:00
|
|
|
bool SSHMaster::isMasterRunning() {
|
2023-06-13 02:45:53 +00:00
|
|
|
Strings args = {"-O", "check", host};
|
|
|
|
addCommonSSHOpts(args);
|
|
|
|
|
|
|
|
auto res = runProgram(RunOptions {.program = "ssh", .args = args, .mergeStderrToStdout = true});
|
2023-05-16 12:48:04 +00:00
|
|
|
return res.first == 0;
|
|
|
|
}
|
|
|
|
|
2017-03-03 18:05:50 +00:00
|
|
|
std::unique_ptr<SSHMaster::Connection> SSHMaster::startCommand(const std::string & command)
|
|
|
|
{
|
2017-03-03 18:28:27 +00:00
|
|
|
Path socketPath = startMaster();
|
2017-03-03 18:05:50 +00:00
|
|
|
|
|
|
|
Pipe in, out;
|
|
|
|
in.create();
|
|
|
|
out.create();
|
|
|
|
|
|
|
|
auto conn = std::make_unique<Connection>();
|
2020-02-14 06:47:48 +00:00
|
|
|
ProcessOptions options;
|
|
|
|
options.dieWithParent = false;
|
|
|
|
|
2023-03-09 14:16:29 +00:00
|
|
|
if (!fakeSSH && !useMaster) {
|
|
|
|
logger->pause();
|
|
|
|
}
|
|
|
|
Finally cleanup = [&]() { logger->resume(); };
|
|
|
|
|
2017-03-03 18:05:50 +00:00
|
|
|
conn->sshPid = startProcess([&]() {
|
2021-04-07 11:10:02 +00:00
|
|
|
restoreProcessContext();
|
2017-03-03 18:05:50 +00:00
|
|
|
|
|
|
|
close(in.writeSide.get());
|
|
|
|
close(out.readSide.get());
|
|
|
|
|
|
|
|
if (dup2(in.readSide.get(), STDIN_FILENO) == -1)
|
|
|
|
throw SysError("duping over stdin");
|
|
|
|
if (dup2(out.writeSide.get(), STDOUT_FILENO) == -1)
|
|
|
|
throw SysError("duping over stdout");
|
2017-05-02 10:01:46 +00:00
|
|
|
if (logFD != -1 && dup2(logFD, STDERR_FILENO) == -1)
|
|
|
|
throw SysError("duping over stderr");
|
2017-03-03 18:05:50 +00:00
|
|
|
|
2018-08-03 16:12:28 +00:00
|
|
|
Strings args;
|
|
|
|
|
|
|
|
if (fakeSSH) {
|
|
|
|
args = { "bash", "-c" };
|
|
|
|
} else {
|
2022-10-23 00:51:22 +00:00
|
|
|
args = { "ssh", host.c_str(), "-x" };
|
2018-08-03 16:12:28 +00:00
|
|
|
addCommonSSHOpts(args);
|
|
|
|
if (socketPath != "")
|
|
|
|
args.insert(args.end(), {"-S", socketPath});
|
|
|
|
if (verbosity >= lvlChatty)
|
|
|
|
args.push_back("-v");
|
|
|
|
}
|
|
|
|
|
2017-03-03 18:05:50 +00:00
|
|
|
args.push_back(command);
|
|
|
|
execvp(args.begin()->c_str(), stringsToCharPtrs(args).data());
|
|
|
|
|
2019-12-12 14:15:18 +00:00
|
|
|
// could not exec ssh/bash
|
2019-12-13 11:53:20 +00:00
|
|
|
throw SysError("unable to execute '%s'", args.front());
|
2020-02-14 06:47:48 +00:00
|
|
|
}, options);
|
2017-03-03 18:05:50 +00:00
|
|
|
|
|
|
|
|
|
|
|
in.readSide = -1;
|
|
|
|
out.writeSide = -1;
|
|
|
|
|
2023-03-09 14:16:29 +00:00
|
|
|
// Wait for the SSH connection to be established,
|
|
|
|
// So that we don't overwrite the password prompt with our progress bar.
|
2023-05-16 12:48:04 +00:00
|
|
|
if (!fakeSSH && !useMaster && !isMasterRunning()) {
|
2023-03-09 14:16:29 +00:00
|
|
|
std::string reply;
|
|
|
|
try {
|
|
|
|
reply = readLine(out.readSide.get());
|
|
|
|
} catch (EndOfFile & e) { }
|
|
|
|
|
2024-03-04 04:38:09 +00:00
|
|
|
if (reply != "started") {
|
|
|
|
printTalkative("SSH stdout first line: %s", reply);
|
2023-03-09 14:16:29 +00:00
|
|
|
throw Error("failed to start SSH connection to '%s'", host);
|
2024-03-04 04:38:09 +00:00
|
|
|
}
|
2023-03-09 14:16:29 +00:00
|
|
|
}
|
|
|
|
|
2017-03-03 18:05:50 +00:00
|
|
|
conn->out = std::move(out.readSide);
|
|
|
|
conn->in = std::move(in.writeSide);
|
|
|
|
|
|
|
|
return conn;
|
|
|
|
}
|
|
|
|
|
2017-03-03 18:28:27 +00:00
|
|
|
Path SSHMaster::startMaster()
|
2017-03-03 18:05:50 +00:00
|
|
|
{
|
2017-03-03 18:28:27 +00:00
|
|
|
if (!useMaster) return "";
|
2017-03-03 18:05:50 +00:00
|
|
|
|
2017-03-03 18:28:27 +00:00
|
|
|
auto state(state_.lock());
|
2017-03-03 18:05:50 +00:00
|
|
|
|
2017-03-03 18:28:27 +00:00
|
|
|
if (state->sshMaster != -1) return state->socketPath;
|
|
|
|
|
|
|
|
state->socketPath = (Path) *state->tmpDir + "/ssh.sock";
|
2017-03-03 18:05:50 +00:00
|
|
|
|
|
|
|
Pipe out;
|
|
|
|
out.create();
|
|
|
|
|
2020-02-14 06:47:48 +00:00
|
|
|
ProcessOptions options;
|
|
|
|
options.dieWithParent = false;
|
|
|
|
|
2023-03-09 14:16:29 +00:00
|
|
|
logger->pause();
|
|
|
|
Finally cleanup = [&]() { logger->resume(); };
|
|
|
|
|
2024-03-04 04:38:09 +00:00
|
|
|
if (isMasterRunning())
|
|
|
|
return state->socketPath;
|
2023-05-16 12:48:04 +00:00
|
|
|
|
2017-03-03 18:28:27 +00:00
|
|
|
state->sshMaster = startProcess([&]() {
|
2021-04-07 11:10:02 +00:00
|
|
|
restoreProcessContext();
|
2017-03-03 18:05:50 +00:00
|
|
|
|
|
|
|
close(out.readSide.get());
|
|
|
|
|
|
|
|
if (dup2(out.writeSide.get(), STDOUT_FILENO) == -1)
|
|
|
|
throw SysError("duping over stdout");
|
|
|
|
|
2023-03-09 14:16:29 +00:00
|
|
|
Strings args = { "ssh", host.c_str(), "-M", "-N", "-S", state->socketPath };
|
2018-03-20 14:30:55 +00:00
|
|
|
if (verbosity >= lvlChatty)
|
|
|
|
args.push_back("-v");
|
2017-03-21 13:35:50 +00:00
|
|
|
addCommonSSHOpts(args);
|
2017-03-03 18:05:50 +00:00
|
|
|
execvp(args.begin()->c_str(), stringsToCharPtrs(args).data());
|
|
|
|
|
2019-12-13 11:53:20 +00:00
|
|
|
throw SysError("unable to execute '%s'", args.front());
|
2020-02-14 06:47:48 +00:00
|
|
|
}, options);
|
2017-03-03 18:05:50 +00:00
|
|
|
|
|
|
|
out.writeSide = -1;
|
|
|
|
|
2024-03-04 04:38:09 +00:00
|
|
|
std::string reply;
|
|
|
|
try {
|
|
|
|
reply = readLine(out.readSide.get());
|
|
|
|
} catch (EndOfFile & e) { }
|
2017-03-03 18:05:50 +00:00
|
|
|
|
2024-03-04 04:38:09 +00:00
|
|
|
if (reply != "started") {
|
|
|
|
printTalkative("SSH master stdout first line: %s", reply);
|
|
|
|
throw Error("failed to start SSH master connection to '%s'", host);
|
2023-05-16 12:48:04 +00:00
|
|
|
}
|
2017-03-03 18:28:27 +00:00
|
|
|
|
|
|
|
return state->socketPath;
|
2017-03-03 18:05:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|