2019-02-07 16:13:12 +09:00
// Copyright 2017 The Gitea Authors. All rights reserved.
2014-07-26 13:24:27 +09:00
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package ssh
import (
2020-10-11 09:38:09 +09:00
"bytes"
2019-02-07 16:13:12 +09:00
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
2019-07-07 10:28:09 +09:00
"fmt"
2015-11-09 06:59:56 +09:00
"io"
2014-07-26 13:24:27 +09:00
"os"
"os/exec"
2015-11-09 06:59:56 +09:00
"path/filepath"
2014-07-26 13:24:27 +09:00
"strings"
2019-07-07 10:28:09 +09:00
"sync"
"syscall"
2014-07-26 13:24:27 +09:00
2016-11-11 01:24:48 +09:00
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
2020-11-28 11:42:08 +09:00
"code.gitea.io/gitea/modules/util"
2019-07-07 10:28:09 +09:00
"github.com/gliderlabs/ssh"
gossh "golang.org/x/crypto/ssh"
2014-07-26 13:24:27 +09:00
)
2019-07-07 10:28:09 +09:00
type contextKey string
const giteaKeyID = contextKey ( "gitea-key-id" )
func getExitStatusFromError ( err error ) int {
if err == nil {
return 0
2015-11-09 06:59:56 +09:00
}
2019-07-07 10:28:09 +09:00
exitErr , ok := err . ( * exec . ExitError )
if ! ok {
return 1
}
2015-11-09 06:59:56 +09:00
2019-07-07 10:28:09 +09:00
waitStatus , ok := exitErr . Sys ( ) . ( syscall . WaitStatus )
if ! ok {
// This is a fallback and should at least let us return something useful
// when running on Windows, even if it isn't completely accurate.
if exitErr . Success ( ) {
return 0
2014-07-26 13:24:27 +09:00
}
2019-07-07 10:28:09 +09:00
return 1
2014-07-26 13:24:27 +09:00
}
2019-07-07 10:28:09 +09:00
return waitStatus . ExitStatus ( )
2014-07-26 13:24:27 +09:00
}
2019-07-07 10:28:09 +09:00
func sessionHandler ( session ssh . Session ) {
2020-12-25 18:59:32 +09:00
keyID := fmt . Sprintf ( "%d" , session . Context ( ) . Value ( giteaKeyID ) . ( int64 ) )
2019-07-07 10:28:09 +09:00
command := session . RawCommand ( )
log . Trace ( "SSH: Payload: %v" , command )
2020-12-25 18:59:32 +09:00
args := [ ] string { "serv" , "key-" + keyID , "--config=" + setting . CustomConf }
2019-07-07 10:28:09 +09:00
log . Trace ( "SSH: Arguments: %v" , args )
cmd := exec . Command ( setting . AppPath , args ... )
cmd . Env = append (
os . Environ ( ) ,
"SSH_ORIGINAL_COMMAND=" + command ,
"SKIP_MINWINSVC=1" ,
)
stdout , err := cmd . StdoutPipe ( )
2014-07-26 13:24:27 +09:00
if err != nil {
2019-07-07 10:28:09 +09:00
log . Error ( "SSH: StdoutPipe: %v" , err )
return
2014-07-26 13:24:27 +09:00
}
2019-07-07 10:28:09 +09:00
stderr , err := cmd . StderrPipe ( )
if err != nil {
log . Error ( "SSH: StderrPipe: %v" , err )
return
}
stdin , err := cmd . StdinPipe ( )
if err != nil {
log . Error ( "SSH: StdinPipe: %v" , err )
return
}
wg := & sync . WaitGroup { }
wg . Add ( 2 )
if err = cmd . Start ( ) ; err != nil {
log . Error ( "SSH: Start: %v" , err )
return
}
go func ( ) {
defer stdin . Close ( )
if _ , err := io . Copy ( stdin , session ) ; err != nil {
log . Error ( "Failed to write session to stdin. %s" , err )
}
} ( )
go func ( ) {
defer wg . Done ( )
if _ , err := io . Copy ( session , stdout ) ; err != nil {
log . Error ( "Failed to write stdout to session. %s" , err )
}
} ( )
go func ( ) {
defer wg . Done ( )
if _ , err := io . Copy ( session . Stderr ( ) , stderr ) ; err != nil {
log . Error ( "Failed to write stderr to session. %s" , err )
2014-07-26 13:24:27 +09:00
}
2019-07-07 10:28:09 +09:00
} ( )
// Ensure all the output has been written before we wait on the command
// to exit.
wg . Wait ( )
// Wait for the command to exit and log any errors we get
err = cmd . Wait ( )
if err != nil {
log . Error ( "SSH: Wait: %v" , err )
}
if err := session . Exit ( getExitStatusFromError ( err ) ) ; err != nil {
log . Error ( "Session failed to exit. %s" , err )
}
}
func publicKeyHandler ( ctx ssh . Context , key ssh . PublicKey ) bool {
2020-12-15 17:45:13 +09:00
if log . IsDebug ( ) { // <- FingerprintSHA256 is kinda expensive so only calculate it if necessary
log . Debug ( "Handle Public Key: Fingerprint: %s from %s" , gossh . FingerprintSHA256 ( key ) , ctx . RemoteAddr ( ) )
}
2019-07-07 10:28:09 +09:00
if ctx . User ( ) != setting . SSH . BuiltinServerUser {
2020-12-15 17:45:13 +09:00
log . Warn ( "Invalid SSH username %s - must use %s for all git operations via ssh" , ctx . User ( ) , setting . SSH . BuiltinServerUser )
log . Warn ( "Failed authentication attempt from %s" , ctx . RemoteAddr ( ) )
2019-07-07 10:28:09 +09:00
return false
}
2016-02-02 02:10:49 +09:00
2020-10-11 09:38:09 +09:00
// check if we have a certificate
if cert , ok := key . ( * gossh . Certificate ) ; ok {
2020-12-15 17:45:13 +09:00
if log . IsDebug ( ) { // <- FingerprintSHA256 is kinda expensive so only calculate it if necessary
log . Debug ( "Handle Certificate: %s Fingerprint: %s is a certificate" , ctx . RemoteAddr ( ) , gossh . FingerprintSHA256 ( key ) )
}
2020-10-11 09:38:09 +09:00
if len ( setting . SSH . TrustedUserCAKeys ) == 0 {
2020-12-15 17:45:13 +09:00
log . Warn ( "Certificate Rejected: No trusted certificate authorities for this server" )
log . Warn ( "Failed authentication attempt from %s" , ctx . RemoteAddr ( ) )
2020-10-11 09:38:09 +09:00
return false
}
// look for the exact principal
2020-12-12 07:52:38 +09:00
principalLoop :
2020-10-11 09:38:09 +09:00
for _ , principal := range cert . ValidPrincipals {
pkey , err := models . SearchPublicKeyByContentExact ( principal )
if err != nil {
2020-12-12 07:52:38 +09:00
if models . IsErrKeyNotExist ( err ) {
2020-12-15 17:45:13 +09:00
log . Debug ( "Principal Rejected: %s Unknown Principal: %s" , ctx . RemoteAddr ( ) , principal )
2020-12-12 07:52:38 +09:00
continue principalLoop
}
2020-10-11 09:38:09 +09:00
log . Error ( "SearchPublicKeyByContentExact: %v" , err )
return false
}
c := & gossh . CertChecker {
IsUserAuthority : func ( auth gossh . PublicKey ) bool {
for _ , k := range setting . SSH . TrustedUserCAKeysParsed {
if bytes . Equal ( auth . Marshal ( ) , k . Marshal ( ) ) {
return true
}
}
return false
} ,
}
// check the CA of the cert
if ! c . IsUserAuthority ( cert . SignatureKey ) {
2020-12-15 17:45:13 +09:00
if log . IsDebug ( ) {
log . Debug ( "Principal Rejected: %s Untrusted Authority Signature Fingerprint %s for Principal: %s" , ctx . RemoteAddr ( ) , gossh . FingerprintSHA256 ( cert . SignatureKey ) , principal )
}
2020-12-12 07:52:38 +09:00
continue principalLoop
2020-10-11 09:38:09 +09:00
}
// validate the cert for this principal
if err := c . CheckCert ( principal , cert ) ; err != nil {
2020-12-15 17:45:13 +09:00
// User is presenting an invalid certificate - STOP any further processing
if log . IsError ( ) {
log . Error ( "Invalid Certificate KeyID %s with Signature Fingerprint %s presented for Principal: %s from %s" , cert . KeyId , gossh . FingerprintSHA256 ( cert . SignatureKey ) , principal , ctx . RemoteAddr ( ) )
}
log . Warn ( "Failed authentication attempt from %s" , ctx . RemoteAddr ( ) )
2020-10-11 09:38:09 +09:00
return false
}
2020-12-15 17:45:13 +09:00
if log . IsDebug ( ) { // <- FingerprintSHA256 is kinda expensive so only calculate it if necessary
log . Debug ( "Successfully authenticated: %s Certificate Fingerprint: %s Principal: %s" , ctx . RemoteAddr ( ) , gossh . FingerprintSHA256 ( key ) , principal )
}
2020-10-11 09:38:09 +09:00
ctx . SetValue ( giteaKeyID , pkey . ID )
return true
}
2020-12-15 17:45:13 +09:00
if log . IsWarn ( ) {
log . Warn ( "From %s Fingerprint: %s is a certificate, but no valid principals found" , ctx . RemoteAddr ( ) , gossh . FingerprintSHA256 ( key ) )
log . Warn ( "Failed authentication attempt from %s" , ctx . RemoteAddr ( ) )
}
return false
}
if log . IsDebug ( ) { // <- FingerprintSHA256 is kinda expensive so only calculate it if necessary
log . Debug ( "Handle Public Key: %s Fingerprint: %s is not a certificate" , ctx . RemoteAddr ( ) , gossh . FingerprintSHA256 ( key ) )
2020-10-11 09:38:09 +09:00
}
2019-07-07 10:28:09 +09:00
pkey , err := models . SearchPublicKeyByContent ( strings . TrimSpace ( string ( gossh . MarshalAuthorizedKey ( key ) ) ) )
if err != nil {
2020-12-12 07:52:38 +09:00
if models . IsErrKeyNotExist ( err ) {
2020-12-15 17:45:13 +09:00
if log . IsWarn ( ) {
log . Warn ( "Unknown public key: %s from %s" , gossh . FingerprintSHA256 ( key ) , ctx . RemoteAddr ( ) )
log . Warn ( "Failed authentication attempt from %s" , ctx . RemoteAddr ( ) )
}
2020-12-12 07:52:38 +09:00
return false
}
2020-12-15 17:45:13 +09:00
log . Error ( "SearchPublicKeyByContent: %v" , err )
2019-07-07 10:28:09 +09:00
return false
2014-07-26 13:24:27 +09:00
}
2019-07-07 10:28:09 +09:00
2020-12-15 17:45:13 +09:00
if log . IsDebug ( ) { // <- FingerprintSHA256 is kinda expensive so only calculate it if necessary
log . Debug ( "Successfully authenticated: %s Public Key Fingerprint: %s" , ctx . RemoteAddr ( ) , gossh . FingerprintSHA256 ( key ) )
}
2019-07-07 10:28:09 +09:00
ctx . SetValue ( giteaKeyID , pkey . ID )
return true
2014-07-26 13:24:27 +09:00
}
// Listen starts a SSH server listens on given port.
2017-11-03 00:26:41 +09:00
func Listen ( host string , port int , ciphers [ ] string , keyExchanges [ ] string , macs [ ] string ) {
2019-07-07 10:28:09 +09:00
// TODO: Handle ciphers, keyExchanges, and macs
srv := ssh . Server {
Addr : fmt . Sprintf ( "%s:%d" , host , port ) ,
PublicKeyHandler : publicKeyHandler ,
Handler : sessionHandler ,
// We need to explicitly disable the PtyCallback so text displays
// properly.
PtyCallback : func ( ctx ssh . Context , pty ssh . Pty ) bool {
return false
2014-07-26 13:24:27 +09:00
} ,
}
2015-11-15 03:21:31 +09:00
keyPath := filepath . Join ( setting . AppDataPath , "ssh/gogs.rsa" )
2020-11-28 11:42:08 +09:00
isExist , err := util . IsExist ( keyPath )
if err != nil {
log . Fatal ( "Unable to check if %s exists. Error: %v" , keyPath , err )
}
if ! isExist {
2016-12-01 08:56:15 +09:00
filePath := filepath . Dir ( keyPath )
if err := os . MkdirAll ( filePath , os . ModePerm ) ; err != nil {
2019-04-02 16:48:31 +09:00
log . Error ( "Failed to create dir %s: %v" , filePath , err )
2016-12-01 08:56:15 +09:00
}
2019-02-07 16:13:12 +09:00
err := GenKeyPair ( keyPath )
2015-11-15 03:21:31 +09:00
if err != nil {
2019-04-02 16:48:31 +09:00
log . Fatal ( "Failed to generate private key: %v" , err )
2015-11-15 03:21:31 +09:00
}
2019-07-07 10:28:09 +09:00
log . Trace ( "New private key is generated: %s" , keyPath )
2015-11-15 03:21:31 +09:00
}
2020-11-28 11:42:08 +09:00
err = srv . SetOption ( ssh . HostKeyFile ( keyPath ) )
2014-07-26 13:24:27 +09:00
if err != nil {
2019-07-07 10:28:09 +09:00
log . Error ( "Failed to set Host Key. %s" , err )
2014-07-26 13:24:27 +09:00
}
2019-10-15 22:39:51 +09:00
go listen ( & srv )
2019-07-07 10:28:09 +09:00
2014-07-26 13:24:27 +09:00
}
2019-02-07 16:13:12 +09:00
// GenKeyPair make a pair of public and private keys for SSH access.
// Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
// Private Key generated is PEM encoded
func GenKeyPair ( keyPath string ) error {
privateKey , err := rsa . GenerateKey ( rand . Reader , 2048 )
if err != nil {
return err
}
privateKeyPEM := & pem . Block { Type : "RSA PRIVATE KEY" , Bytes : x509 . MarshalPKCS1PrivateKey ( privateKey ) }
f , err := os . OpenFile ( keyPath , os . O_RDWR | os . O_CREATE | os . O_TRUNC , 0600 )
if err != nil {
return err
}
2019-06-13 04:41:28 +09:00
defer func ( ) {
if err = f . Close ( ) ; err != nil {
log . Error ( "Close: %v" , err )
}
} ( )
2019-02-07 16:13:12 +09:00
if err := pem . Encode ( f , privateKeyPEM ) ; err != nil {
return err
}
// generate public key
2019-07-07 10:28:09 +09:00
pub , err := gossh . NewPublicKey ( & privateKey . PublicKey )
2019-02-07 16:13:12 +09:00
if err != nil {
return err
}
2019-07-07 10:28:09 +09:00
public := gossh . MarshalAuthorizedKey ( pub )
2019-02-07 16:13:12 +09:00
p , err := os . OpenFile ( keyPath + ".pub" , os . O_RDWR | os . O_CREATE | os . O_TRUNC , 0600 )
if err != nil {
return err
}
2019-06-13 04:41:28 +09:00
defer func ( ) {
if err = p . Close ( ) ; err != nil {
log . Error ( "Close: %v" , err )
}
} ( )
2019-02-07 16:13:12 +09:00
_ , err = p . Write ( public )
return err
}