osbzr
/
com
项目红包剩余9514,下一贡献奖励5%,即 476个红包
Obserwuj 15
Polub 7
Wiki 捐赠
本站源代码
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.
Gałąź: gamification
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'gamification'
${ noResults }
com/vendor/github.com/gliderlabs/ssh/server.go

395 lines
11KB
Czysty Bezpośredni odnośnik Wina Historia 

  1. package ssh

  2. 

  3. import (

  4. 	"context"

  5. 	"errors"

  6. 	"fmt"

  7. 	"net"

  8. 	"sync"

  9. 	"time"

  10. 

  11. 	gossh "golang.org/x/crypto/ssh"

  12. )

  13. 

  14. // ErrServerClosed is returned by the Server's Serve, ListenAndServe,

  15. // and ListenAndServeTLS methods after a call to Shutdown or Close.

  16. var ErrServerClosed = errors.New("ssh: Server closed")

  17. 

  18. type RequestHandler func(ctx Context, srv *Server, req *gossh.Request) (ok bool, payload []byte)

  19. 

  20. var DefaultRequestHandlers = map[string]RequestHandler{}

  21. 

  22. type ChannelHandler func(srv *Server, conn *gossh.ServerConn, newChan gossh.NewChannel, ctx Context)

  23. 

  24. var DefaultChannelHandlers = map[string]ChannelHandler{

  25. 	"session": DefaultSessionHandler,

  26. }

  27. 

  28. // Server defines parameters for running an SSH server. The zero value for

  29. // Server is a valid configuration. When both PasswordHandler and

  30. // PublicKeyHandler are nil, no client authentication is performed.

  31. type Server struct {

  32. 	Addr        string   // TCP address to listen on, ":22" if empty

  33. 	Handler     Handler  // handler to invoke, ssh.DefaultHandler if nil

  34. 	HostSigners []Signer // private keys for the host key, must have at least one

  35. 	Version     string   // server version to be sent before the initial handshake

  36. 

  37. 	KeyboardInteractiveHandler    KeyboardInteractiveHandler    // keyboard-interactive authentication handler

  38. 	PasswordHandler               PasswordHandler               // password authentication handler

  39. 	PublicKeyHandler              PublicKeyHandler              // public key authentication handler

  40. 	PtyCallback                   PtyCallback                   // callback for allowing PTY sessions, allows all if nil

  41. 	ConnCallback                  ConnCallback                  // optional callback for wrapping net.Conn before handling

  42. 	LocalPortForwardingCallback   LocalPortForwardingCallback   // callback for allowing local port forwarding, denies all if nil

  43. 	ReversePortForwardingCallback ReversePortForwardingCallback // callback for allowing reverse port forwarding, denies all if nil

  44. 	ServerConfigCallback          ServerConfigCallback          // callback for configuring detailed SSH options

  45. 	SessionRequestCallback        SessionRequestCallback        // callback for allowing or denying SSH sessions

  46. 

  47. 	IdleTimeout time.Duration // connection timeout when no activity, none if empty

  48. 	MaxTimeout  time.Duration // absolute connection timeout, none if empty

  49. 

  50. 	// ChannelHandlers allow overriding the built-in session handlers or provide

  51. 	// extensions to the protocol, such as tcpip forwarding. By default only the

  52. 	// "session" handler is enabled.

  53. 	ChannelHandlers map[string]ChannelHandler

  54. 

  55. 	// RequestHandlers allow overriding the server-level request handlers or

  56. 	// provide extensions to the protocol, such as tcpip forwarding. By default

  57. 	// no handlers are enabled.

  58. 	RequestHandlers map[string]RequestHandler

  59. 

  60. 	listenerWg sync.WaitGroup

  61. 	mu         sync.Mutex

  62. 	listeners  map[net.Listener]struct{}

  63. 	conns      map[*gossh.ServerConn]struct{}

  64. 	connWg     sync.WaitGroup

  65. 	doneChan   chan struct{}

  66. }

  67. 

  68. func (srv *Server) ensureHostSigner() error {

  69. 	if len(srv.HostSigners) == 0 {

  70. 		signer, err := generateSigner()

  71. 		if err != nil {

  72. 			return err

  73. 		}

  74. 		srv.HostSigners = append(srv.HostSigners, signer)

  75. 	}

  76. 	return nil

  77. }

  78. 

  79. func (srv *Server) ensureHandlers() {

  80. 	srv.mu.Lock()

  81. 	defer srv.mu.Unlock()

  82. 	if srv.RequestHandlers == nil {

  83. 		srv.RequestHandlers = map[string]RequestHandler{}

  84. 		for k, v := range DefaultRequestHandlers {

  85. 			srv.RequestHandlers[k] = v

  86. 		}

  87. 	}

  88. 	if srv.ChannelHandlers == nil {

  89. 		srv.ChannelHandlers = map[string]ChannelHandler{}

  90. 		for k, v := range DefaultChannelHandlers {

  91. 			srv.ChannelHandlers[k] = v

  92. 		}

  93. 	}

  94. }

  95. 

  96. func (srv *Server) config(ctx Context) *gossh.ServerConfig {

  97. 	var config *gossh.ServerConfig

  98. 	if srv.ServerConfigCallback == nil {

  99. 		config = &gossh.ServerConfig{}

  100. 	} else {

  101. 		config = srv.ServerConfigCallback(ctx)

  102. 	}

  103. 	for _, signer := range srv.HostSigners {

  104. 		config.AddHostKey(signer)

  105. 	}

  106. 	if srv.PasswordHandler == nil && srv.PublicKeyHandler == nil {

  107. 		config.NoClientAuth = true

  108. 	}

  109. 	if srv.Version != "" {

  110. 		config.ServerVersion = "SSH-2.0-" + srv.Version

  111. 	}

  112. 	if srv.PasswordHandler != nil {

  113. 		config.PasswordCallback = func(conn gossh.ConnMetadata, password []byte) (*gossh.Permissions, error) {

  114. 			applyConnMetadata(ctx, conn)

  115. 			if ok := srv.PasswordHandler(ctx, string(password)); !ok {

  116. 				return ctx.Permissions().Permissions, fmt.Errorf("permission denied")

  117. 			}

  118. 			return ctx.Permissions().Permissions, nil

  119. 		}

  120. 	}

  121. 	if srv.PublicKeyHandler != nil {

  122. 		config.PublicKeyCallback = func(conn gossh.ConnMetadata, key gossh.PublicKey) (*gossh.Permissions, error) {

  123. 			applyConnMetadata(ctx, conn)

  124. 			if ok := srv.PublicKeyHandler(ctx, key); !ok {

  125. 				return ctx.Permissions().Permissions, fmt.Errorf("permission denied")

  126. 			}

  127. 			ctx.SetValue(ContextKeyPublicKey, key)

  128. 			return ctx.Permissions().Permissions, nil

  129. 		}

  130. 	}

  131. 	if srv.KeyboardInteractiveHandler != nil {

  132. 		config.KeyboardInteractiveCallback = func(conn gossh.ConnMetadata, challenger gossh.KeyboardInteractiveChallenge) (*gossh.Permissions, error) {

  133. 			if ok := srv.KeyboardInteractiveHandler(ctx, challenger); !ok {

  134. 				return ctx.Permissions().Permissions, fmt.Errorf("permission denied")

  135. 			}

  136. 			return ctx.Permissions().Permissions, nil

  137. 		}

  138. 	}

  139. 	return config

  140. }

  141. 

  142. // Handle sets the Handler for the server.

  143. func (srv *Server) Handle(fn Handler) {

  144. 	srv.Handler = fn

  145. }

  146. 

  147. // Close immediately closes all active listeners and all active

  148. // connections.

  149. //

  150. // Close returns any error returned from closing the Server's

  151. // underlying Listener(s).

  152. func (srv *Server) Close() error {

  153. 	srv.mu.Lock()

  154. 	defer srv.mu.Unlock()

  155. 	srv.closeDoneChanLocked()

  156. 	err := srv.closeListenersLocked()

  157. 	for c := range srv.conns {

  158. 		c.Close()

  159. 		delete(srv.conns, c)

  160. 	}

  161. 	return err

  162. }

  163. 

  164. // Shutdown gracefully shuts down the server without interrupting any

  165. // active connections. Shutdown works by first closing all open

  166. // listeners, and then waiting indefinitely for connections to close.

  167. // If the provided context expires before the shutdown is complete,

  168. // then the context's error is returned.

  169. func (srv *Server) Shutdown(ctx context.Context) error {

  170. 	srv.mu.Lock()

  171. 	lnerr := srv.closeListenersLocked()

  172. 	srv.closeDoneChanLocked()

  173. 	srv.mu.Unlock()

  174. 

  175. 	finished := make(chan struct{}, 1)

  176. 	go func() {

  177. 		srv.listenerWg.Wait()

  178. 		srv.connWg.Wait()

  179. 		finished <- struct{}{}

  180. 	}()

  181. 

  182. 	select {

  183. 	case <-ctx.Done():

  184. 		return ctx.Err()

  185. 	case <-finished:

  186. 		return lnerr

  187. 	}

  188. }

  189. 

  190. // Serve accepts incoming connections on the Listener l, creating a new

  191. // connection goroutine for each. The connection goroutines read requests and then

  192. // calls srv.Handler to handle sessions.

  193. //

  194. // Serve always returns a non-nil error.

  195. func (srv *Server) Serve(l net.Listener) error {

  196. 	srv.ensureHandlers()

  197. 	defer l.Close()

  198. 	if err := srv.ensureHostSigner(); err != nil {

  199. 		return err

  200. 	}

  201. 	if srv.Handler == nil {

  202. 		srv.Handler = DefaultHandler

  203. 	}

  204. 	var tempDelay time.Duration

  205. 

  206. 	srv.trackListener(l, true)

  207. 	defer srv.trackListener(l, false)

  208. 	for {

  209. 		conn, e := l.Accept()

  210. 		if e != nil {

  211. 			select {

  212. 			case <-srv.getDoneChan():

  213. 				return ErrServerClosed

  214. 			default:

  215. 			}

  216. 			if ne, ok := e.(net.Error); ok && ne.Temporary() {

  217. 				if tempDelay == 0 {

  218. 					tempDelay = 5 * time.Millisecond

  219. 				} else {

  220. 					tempDelay *= 2

  221. 				}

  222. 				if max := 1 * time.Second; tempDelay > max {

  223. 					tempDelay = max

  224. 				}

  225. 				time.Sleep(tempDelay)

  226. 				continue

  227. 			}

  228. 			return e

  229. 		}

  230. 		go srv.handleConn(conn)

  231. 	}

  232. }

  233. 

  234. func (srv *Server) handleConn(newConn net.Conn) {

  235. 	if srv.ConnCallback != nil {

  236. 		cbConn := srv.ConnCallback(newConn)

  237. 		if cbConn == nil {

  238. 			newConn.Close()

  239. 			return

  240. 		}

  241. 		newConn = cbConn

  242. 	}

  243. 	ctx, cancel := newContext(srv)

  244. 	conn := &serverConn{

  245. 		Conn:          newConn,

  246. 		idleTimeout:   srv.IdleTimeout,

  247. 		closeCanceler: cancel,

  248. 	}

  249. 	if srv.MaxTimeout > 0 {

  250. 		conn.maxDeadline = time.Now().Add(srv.MaxTimeout)

  251. 	}

  252. 	defer conn.Close()

  253. 	sshConn, chans, reqs, err := gossh.NewServerConn(conn, srv.config(ctx))

  254. 	if err != nil {

  255. 		// TODO: trigger event callback

  256. 		return

  257. 	}

  258. 

  259. 	srv.trackConn(sshConn, true)

  260. 	defer srv.trackConn(sshConn, false)

  261. 

  262. 	ctx.SetValue(ContextKeyConn, sshConn)

  263. 	applyConnMetadata(ctx, sshConn)

  264. 	//go gossh.DiscardRequests(reqs)

  265. 	go srv.handleRequests(ctx, reqs)

  266. 	for ch := range chans {

  267. 		handler := srv.ChannelHandlers[ch.ChannelType()]

  268. 		if handler == nil {

  269. 			handler = srv.ChannelHandlers["default"]

  270. 		}

  271. 		if handler == nil {

  272. 			ch.Reject(gossh.UnknownChannelType, "unsupported channel type")

  273. 			continue

  274. 		}

  275. 		go handler(srv, sshConn, ch, ctx)

  276. 	}

  277. }

  278. 

  279. func (srv *Server) handleRequests(ctx Context, in <-chan *gossh.Request) {

  280. 	for req := range in {

  281. 		handler := srv.RequestHandlers[req.Type]

  282. 		if handler == nil {

  283. 			handler = srv.RequestHandlers["default"]

  284. 		}

  285. 		if handler == nil {

  286. 			req.Reply(false, nil)

  287. 			continue

  288. 		}

  289. 		/*reqCtx, cancel := context.WithCancel(ctx)

  290. 		defer cancel() */

  291. 		ret, payload := handler(ctx, srv, req)

  292. 		req.Reply(ret, payload)

  293. 	}

  294. }

  295. 

  296. // ListenAndServe listens on the TCP network address srv.Addr and then calls

  297. // Serve to handle incoming connections. If srv.Addr is blank, ":22" is used.

  298. // ListenAndServe always returns a non-nil error.

  299. func (srv *Server) ListenAndServe() error {

  300. 	addr := srv.Addr

  301. 	if addr == "" {

  302. 		addr = ":22"

  303. 	}

  304. 	ln, err := net.Listen("tcp", addr)

  305. 	if err != nil {

  306. 		return err

  307. 	}

  308. 	return srv.Serve(ln)

  309. }

  310. 

  311. // AddHostKey adds a private key as a host key. If an existing host key exists

  312. // with the same algorithm, it is overwritten. Each server config must have at

  313. // least one host key.

  314. func (srv *Server) AddHostKey(key Signer) {

  315. 	// these are later added via AddHostKey on ServerConfig, which performs the

  316. 	// check for one of every algorithm.

  317. 	srv.HostSigners = append(srv.HostSigners, key)

  318. }

  319. 

  320. // SetOption runs a functional option against the server.

  321. func (srv *Server) SetOption(option Option) error {

  322. 	return option(srv)

  323. }

  324. 

  325. func (srv *Server) getDoneChan() <-chan struct{} {

  326. 	srv.mu.Lock()

  327. 	defer srv.mu.Unlock()

  328. 	return srv.getDoneChanLocked()

  329. }

  330. 

  331. func (srv *Server) getDoneChanLocked() chan struct{} {

  332. 	if srv.doneChan == nil {

  333. 		srv.doneChan = make(chan struct{})

  334. 	}

  335. 	return srv.doneChan

  336. }

  337. 

  338. func (srv *Server) closeDoneChanLocked() {

  339. 	ch := srv.getDoneChanLocked()

  340. 	select {

  341. 	case <-ch:

  342. 		// Already closed. Don't close again.

  343. 	default:

  344. 		// Safe to close here. We're the only closer, guarded

  345. 		// by srv.mu.

  346. 		close(ch)

  347. 	}

  348. }

  349. 

  350. func (srv *Server) closeListenersLocked() error {

  351. 	var err error

  352. 	for ln := range srv.listeners {

  353. 		if cerr := ln.Close(); cerr != nil && err == nil {

  354. 			err = cerr

  355. 		}

  356. 		delete(srv.listeners, ln)

  357. 	}

  358. 	return err

  359. }

  360. 

  361. func (srv *Server) trackListener(ln net.Listener, add bool) {

  362. 	srv.mu.Lock()

  363. 	defer srv.mu.Unlock()

  364. 	if srv.listeners == nil {

  365. 		srv.listeners = make(map[net.Listener]struct{})

  366. 	}

  367. 	if add {

  368. 		// If the *Server is being reused after a previous

  369. 		// Close or Shutdown, reset its doneChan:

  370. 		if len(srv.listeners) == 0 && len(srv.conns) == 0 {

  371. 			srv.doneChan = nil

  372. 		}

  373. 		srv.listeners[ln] = struct{}{}

  374. 		srv.listenerWg.Add(1)

  375. 	} else {

  376. 		delete(srv.listeners, ln)

  377. 		srv.listenerWg.Done()

  378. 	}

  379. }

  380. 

  381. func (srv *Server) trackConn(c *gossh.ServerConn, add bool) {

  382. 	srv.mu.Lock()

  383. 	defer srv.mu.Unlock()

  384. 	if srv.conns == nil {

  385. 		srv.conns = make(map[*gossh.ServerConn]struct{})

  386. 	}

  387. 	if add {

  388. 		srv.conns[c] = struct{}{}

  389. 		srv.connWg.Add(1)

  390. 	} else {

  391. 		delete(srv.conns, c)

  392. 		srv.connWg.Done()

  393. 	}

  394. }
上海开阖软件有限公司 沪ICP备12045867号-1