srv

package
v2.5.2+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 17, 2018 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthHandlers 

type AuthHandlers struct {
	*log.Entry

	// Server is the services.Server in the backend.
	Server services.Server

	// Component is the type of SSH server (node, proxy, or recording proxy).
	Component string

	// AuditLog is the service used to access Audit Log.
	AuditLog events.IAuditLog

	// AccessPoint is used to access the Auth Server.
	AccessPoint auth.AccessPoint
}

AuthHandlers are common authorization and authentication related handlers used by the regular and forwarding server.

func (*AuthHandlers) CheckAgentForward 

func (h *AuthHandlers) CheckAgentForward(ctx *ServerContext) error

CheckAgentForward checks if agent forwarding is allowed for the users RoleSet.

func (*AuthHandlers) CheckPortForward 

func (h *AuthHandlers) CheckPortForward(addr string, ctx *ServerContext) error

CheckPortForward checks if port forwarding is allowed for the users RoleSet.

func (*AuthHandlers) CreateIdentityContext 

func (h *AuthHandlers) CreateIdentityContext(sconn *ssh.ServerConn) (IdentityContext, error)

BuildIdentityContext returns an IdentityContext populated with information about the logged in user on the connection.

func (*AuthHandlers) HostKeyAuth 

func (h *AuthHandlers) HostKeyAuth(hostport string, remote net.Addr, key ssh.PublicKey) error

HostKeyAuth implements host key verification and is called by the client to validate the certificate presented by the target server. If the target server presents a SSH certificate, we validate that it was Teleport that generated the certificate. If the target server presents a public key, if we are strictly checking keys, we reject the target server. If we are not we take whatever.

func (*AuthHandlers) IsHostAuthority 

func (h *AuthHandlers) IsHostAuthority(hostport string, remote net.Addr, cert ssh.PublicKey) error

IsHostAuthority is called when checking the host certificate a server presents. It make sure that the key used to sign the host certificate was a Teleport CA.

func (*AuthHandlers) IsUserAuthority 

func (h *AuthHandlers) IsUserAuthority(cert ssh.PublicKey) bool

IsUserAuthority is called during checking the client key, to see if the key used to sign the certificate was a Teleport CA.

func (*AuthHandlers) UserKeyAuth 

func (h *AuthHandlers) UserKeyAuth(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error)

UserKeyAuth implements SSH client authentication using public keys and is called by the server every time the client connects.

type Exec 

type Exec interface {
	// GetCommand returns the command to be executed.
	GetCommand() string

	// SetCommand sets the command to be executed.
	SetCommand(string)

	// Start will start the execution of the command.
	Start(channel ssh.Channel) (*ExecResult, error)

	// Wait will block while the command executes.
	Wait() (*ExecResult, error)
}

Exec executes an "exec" request.

func NewExecRequest 

func NewExecRequest(ctx *ServerContext, command string) (Exec, error)

NewExecRequest creates a new local or remote Exec.

type ExecResult 

type ExecResult struct {
	// Command is the command that was executed.
	Command string

	// Code is return code that execution of the command resulted in.
	Code int
}

ExecResult is used internally to send the result of a command execution from a goroutine to SSH request handler and back to the calling client

type IdentityContext 

type IdentityContext struct {
	// TeleportUser is the Teleport user associated with the connection.
	TeleportUser string

	// Login is the operating system user associated with the connection.
	Login string

	// Certificate is the SSH user certificate bytes marshalled in the OpenSSH
	// authorized_keys format.
	Certificate []byte

	// CertAuthority is the Certificate Authority that signed the Certificate.
	CertAuthority services.CertAuthority

	// RoleSet is the roles this Teleport user is associated with. RoleSet is
	// used to check RBAC permissions.
	RoleSet services.RoleSet
}

IdentityContext holds all identity information associated with the user logged on the connection.

func (IdentityContext) GetCertificate 

func (c IdentityContext) GetCertificate() (*ssh.Certificate, error)

GetCertificate parses the SSH certificate bytes and returns a *ssh.Certificate.

type Server 

type Server interface {
	// ID is the unique ID of the server.
	ID() string

	// GetNamespace returns the namespace the server was created in.
	GetNamespace() string

	// AdvertiseAddr is the publicly addressable address of this server.
	AdvertiseAddr() string

	// Component is the type of server, forwarding or regular.
	Component() string

	// PermitUserEnvironment returns if reading environment variables upon
	// startup is allowed.
	PermitUserEnvironment() bool

	// EmitAuditEvent emits an Audit Event to the Auth Server.
	EmitAuditEvent(string, events.EventFields)

	// GetAuditLog returns the Audit Log for this cluster.
	GetAuditLog() events.IAuditLog

	// GetAccessPoint returns an auth.AccessPoint for this cluster.
	GetAccessPoint() auth.AccessPoint

	// GetSessionServer returns a session server.
	GetSessionServer() rsession.Service
}

Server is regular or forwarding SSH server.

type ServerContext 

type ServerContext struct {
	*log.Entry

	sync.RWMutex

	// Conn is the underlying *ssh.ServerConn.
	Conn *ssh.ServerConn

	// Identity holds the identity of the user that is currently logged in on
	// the Conn.
	Identity IdentityContext

	// ExecResultCh is a Go channel which will be used to send and receive the
	// result of a "exec" request.
	ExecResultCh chan ExecResult

	// SubsystemResultCh is a Go channel which will be used to send and receive
	// the result of a "subsystem" request.
	SubsystemResultCh chan SubsystemResult

	// IsTestStub is set to true by tests.
	IsTestStub bool

	// ExecRequest is the command to be executed within this session context.
	ExecRequest Exec

	// ClusterName is the name of the cluster current user is authenticated with.
	ClusterName string

	// RemoteClient holds a SSH client to a remote server. Only used by the
	// recording proxy.
	RemoteClient *ssh.Client

	// RemoteSession holds a SSH session to a remote server. Only used by the
	// recording proxy.
	RemoteSession *ssh.Session
	// contains filtered or unexported fields
}

SessionContext holds session specific context, such as SSH auth agents, PTYs, and other resources. SessionContext also holds a ServerContext which can be used to access resources on the underlying server. SessionContext can also be used to attach resources that should be closed once the session closes.

func NewServerContext 

func NewServerContext(srv Server, conn *ssh.ServerConn, identityContext IdentityContext) *ServerContext

NewServerContext creates a new *ServerContext which is used to pass and manage resources.

func (*ServerContext) AddCloser 

func (c *ServerContext) AddCloser(closer io.Closer)

AddCloser adds any closer in ctx that will be called whenever server closes session channel

func (*ServerContext) Close 

func (c *ServerContext) Close() error

func (*ServerContext) CreateOrJoinSession 

func (c *ServerContext) CreateOrJoinSession(reg *SessionRegistry) error

CreateOrJoinSession will look in the SessionRegistry for the session ID. If no session is found, a new one is created. If one is found, it is returned.

func (*ServerContext) GetAgent 

func (c *ServerContext) GetAgent() agent.Agent

GetAgent returns a agent.Agent which represents the capabilities of an SSH agent.

func (*ServerContext) GetAgentChannel 

func (c *ServerContext) GetAgentChannel() ssh.Channel

GetAgentChannel returns the channel over which communication with the agent occurs.

func (*ServerContext) GetEnv 

func (c *ServerContext) GetEnv(key string) (string, bool)

GetEnv returns a environment variable within this context.

func (*ServerContext) GetServer 

func (c *ServerContext) GetServer() Server

func (*ServerContext) GetTerm 

func (c *ServerContext) GetTerm() Terminal

GetTerm returns a Terminal.

func (*ServerContext) ID 

func (c *ServerContext) ID() int

func (*ServerContext) ProxyPublicAddress 

func (c *ServerContext) ProxyPublicAddress() string

ProxyPublicAddress tries to get the public address from the first available proxy. if public_address is not set, fall back to the hostname of the first proxy we get back.

func (*ServerContext) SendExecResult 

func (c *ServerContext) SendExecResult(r ExecResult)

SendExecResult sends the result of execution of the "exec" command over the ExecResultCh.

func (*ServerContext) SendSubsystemResult 

func (c *ServerContext) SendSubsystemResult(r SubsystemResult)

SendSubsystemResult sends the result of running the subsystem over the SubsystemResultCh.

func (*ServerContext) SetAgent 

func (c *ServerContext) SetAgent(a agent.Agent, channel ssh.Channel)

SetAgent sets the agent and channel over which communication with the agent occurs.

func (*ServerContext) SetEnv 

func (c *ServerContext) SetEnv(key, val string)

SetEnv sets a environment variable within this context.

func (*ServerContext) SetTerm 

func (c *ServerContext) SetTerm(t Terminal)

SetTerm set a Terminal.

func (*ServerContext) String 

func (c *ServerContext) String() string

type SessionRegistry 

type SessionRegistry struct {
	sync.Mutex
	// contains filtered or unexported fields
}

SessionRegistry holds a map of all active sessions on a given SSH server

func NewSessionRegistry 

func NewSessionRegistry(srv Server) (*SessionRegistry, error)

func (*SessionRegistry) Close 

func (s *SessionRegistry) Close()

func (*SessionRegistry) NotifyWinChange 

func (s *SessionRegistry) NotifyWinChange(params rsession.TerminalParams, ctx *ServerContext) error

notifyWinChange is called when an SSH server receives a command notifying us that the terminal size has changed

func (*SessionRegistry) OpenSession 

func (s *SessionRegistry) OpenSession(ch ssh.Channel, req *ssh.Request, ctx *ServerContext) error

joinShell either joins an existing session or starts a new shell

func (*SessionRegistry) PushTermSizeToParty 

func (r *SessionRegistry) PushTermSizeToParty(sconn *ssh.ServerConn, ch ssh.Channel) error

type Subsystem 

type Subsystem interface {
	// Start starts subsystem
	Start(*ssh.ServerConn, ssh.Channel, *ssh.Request, *ServerContext) error

	// Wait is returned by subystem when it's completed
	Wait() error
}

Subsystem represents SSH subsytem - special command executed in the context of the session.

type SubsystemResult 

type SubsystemResult struct {
	// Name holds the name of the subsystem that was executed.
	Name string

	// Err holds the result of execution of the subsystem.
	Err error
}

SubsystemResult is a result of execution of the subsystem.

type TermHandlers 

type TermHandlers struct {
	SessionRegistry *SessionRegistry
}

TermHandlers are common terminal handling functions used by both the regular and forwarding server.

func (*TermHandlers) HandleExec 

func (t *TermHandlers) HandleExec(ch ssh.Channel, req *ssh.Request, ctx *ServerContext) error

HandleExec handles requests of type "exec" which can execute with or without a TTY. Result of execution is propagated back on the ExecResult channel of the context.

func (*TermHandlers) HandlePTYReq 

func (t *TermHandlers) HandlePTYReq(ch ssh.Channel, req *ssh.Request, ctx *ServerContext) error

HandlePTYReq handles requests of type "pty-req" which allocate a TTY for "exec" or "shell" requests. The "pty-req" includes the size of the TTY as well as the terminal type requested.

func (*TermHandlers) HandleShell 

func (t *TermHandlers) HandleShell(ch ssh.Channel, req *ssh.Request, ctx *ServerContext) error

HandleShell handles requests of type "shell" which request a interactive shell be created within a TTY.

func (*TermHandlers) HandleWinChange 

func (t *TermHandlers) HandleWinChange(ch ssh.Channel, req *ssh.Request, ctx *ServerContext) error

HandleWinChange handles requests of type "window-change" which update the size of the TTY running on the server.

type Terminal 

type Terminal interface {
	// AddParty adds another participant to this terminal. We will keep the
	// Terminal open until all participants have left.
	AddParty(delta int)

	// Run will run the terminal.
	Run() error

	// Wait will block until the terminal is complete.
	Wait() (*ExecResult, error)

	// Kill will force kill the terminal.
	Kill() error

	// PTY returns the PTY backing the terminal.
	PTY() io.ReadWriter

	// TTY returns the TTY backing the terminal.
	TTY() *os.File

	// Close will free resources associated with the terminal.
	Close() error

	// GetWinSize returns the window size of the terminal.
	GetWinSize() (*term.Winsize, error)

	// SetWinSize sets the window size of the terminal.
	SetWinSize(params rsession.TerminalParams) error

	// GetTerminalParams is a fast call to get cached terminal parameters
	// and avoid extra system call.
	GetTerminalParams() rsession.TerminalParams

	// SetTerminalModes sets the terminal modes from "pty-req"
	SetTerminalModes(ssh.TerminalModes)

	// GetTermType gets the terminal type set in "pty-req"
	GetTermType() string

	// SetTermType sets the terminal type from "pty-req"
	SetTermType(string)
}

Terminal defines an interface of handy functions for managing a (local or remote) PTY, such as resizing windows, executing commands with a PTY, and cleaning up.

func NewTerminal 

func NewTerminal(ctx *ServerContext) (Terminal, error)

NewTerminal returns a new terminal. Terminal can be local or remote depending on cluster configuration.

Source Files

View all Source files

Directories

Path Synopsis
Package regular implements SSH server that supports multiplexing tunneling, SSH connections proxying and only supports Key based auth
 Package regular implements SSH server that supports multiplexing tunneling, SSH connections proxying and only supports Key based auth

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.