X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=rpc%2Fdial.go;h=e087c99d6ea8e0299f04785d44352f76af2ebc46;hb=7181f7906e7fb6e73ebc0daa46975bfa9c71478f;hp=945a75ff86c365fd1e251e205a0b68efbd2b3aef;hpb=825f928d824f728088606bcbf112d30d7a76f627;p=safcm%2Fsafcm.git
diff --git a/rpc/dial.go b/rpc/dial.go
index 945a75f..e087c99 100644
--- a/rpc/dial.go
+++ b/rpc/dial.go
@@ -1,6 +1,6 @@
 // Simple RPC-like protocol: establish new connection and upload helper
 
-// Copyright (C) 2021 Simon Ruderich
+// Copyright (C) 2021-2024 Simon Ruderich
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
@@ -24,22 +24,35 @@ import (
 	"encoding/hex"
 	"fmt"
 	"io"
+	"io/fs"
 	"os/exec"
 	"strconv"
 	"strings"
 
 	"ruderich.org/simon/safcm"
-	"ruderich.org/simon/safcm/remote"
 )
 
-func (c *Conn) DialSSH(user, host, sshConfig string) error {
+type SSHConfig struct {
+	Host      string
+	User      string // optional
+	SshConfig string // optional
+
+	RemoteHelpers fs.FS
+}
+
+func (c *Conn) DialSSH(cfg SSHConfig) error {
 	if c.events == nil {
 		return fmt.Errorf("cannot reuse Conn")
 	}
 
-	remote := host
-	if user != "" {
-		remote = user + "@" + host
+	if cfg.RemoteHelpers == nil {
+		return fmt.Errorf("SSHConfig.RemoteHelpers not set")
+	}
+	c.remoteHelpers = cfg.RemoteHelpers
+
+	remote := cfg.Host
+	if cfg.User != "" {
+		remote = cfg.User + "@" + cfg.Host
 	}
 
 	c.debugf("DialSSH: connecting to %q", remote)
@@ -50,8 +63,8 @@ func (c *Conn) DialSSH(user, host, sshConfig string) error {
 	}
 	c.sshRemote = remote
 
-	if sshConfig != "" {
-		c.sshOpts = append(c.sshOpts, "-F", sshConfig)
+	if cfg.SshConfig != "" {
+		c.sshOpts = []string{"-F", cfg.SshConfig}
 	}
 
 	c.cmd = exec.Command("ssh", append(append([]string{}, c.sshOpts...),
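Review bot: The new exported `SSHConfig` type, its fields and the changed `DialSSH` signature are added without doc comments, and `RemoteHelpers` is the field whose contract matters most: the file selected from it is uploaded to and run on the remote host (see the `fs.ReadFile(c.remoteHelpers, ...)` hunk further down), so callers need to know it has to come from a trusted source such as an embedded bundle rather than a directory other local users can write to. A comment along the lines of `// RemoteHelpers provides the helper binaries, one file per GOOS-GOARCH; the selected file is executed on the remote host, so it must be a trusted source.` plus a one-liner on the struct, `// SSHConfig describes the ssh target and helper source for DialSSH.`, would cover it. As a naming nit, `SshConfig` would be `SSHConfig` under Go's initialism convention; since that stutters with the type name, something like `ConfigFile` avoids both. `DialSSH` continues past the end of the hunk, and `c.remoteHelpers` is presumably a `Conn` field declared outside this view.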
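Review bot: `c.sshOpts = []string{"-F", cfg.SshConfig}` replaces the slice where the old line appended to it, so any options already held in `c.sshOpts` when `SshConfig` is set are silently discarded; the lines between this hunk and the previous one are not visible, so I cannot tell whether anything populates it beforehand. If the reset is intentional, a one-line comment such as `// SshConfig resets c.sshOpts; earlier options are not carried over` stops the next reader from treating it as a regression; if not, `c.sshOpts = append(c.sshOpts, "-F", cfg.SshConfig)` keeps the previous behaviour. `DialSSH` continues beyond the end of the hunk.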
@@ -77,7 +90,7 @@ func (c *Conn) DialSSH(user, host, sshConfig string) error {
 
 	err = c.dialSSH(stdin, stdout)
 	if err != nil {
-		c.Kill()
+		c.Kill() //nolint:errcheck
 		return err
 	}
 	c.conn = safcm.NewGobConn(stdout, stdin)
@@ -141,13 +154,13 @@ compat_sha512sum() {
 	//
 	// The target directory must no permit other users to delete our files
 	// or symlink attacks and arbitrary code execution is possible. For
-	// /tmp this is guaranteed by the sticky bit. Make sure it has the
-	// proper permissions.
+	// /tmp this is guaranteed by the sticky bit. The code verifies the
+	// directory has the proper permissions.
 	//
 	// We cannot use `test -f && test -O` because this is open to TOCTOU
 	// attacks. `stat` gives use the full file state. If the file is owned
-	// by us and not a symlink then it's safe to use (assuming sticky or
-	// directory not writable by others).
+	// by us and not a symlink then it's safe to use (assuming sticky
+	// directory or directory not writable by others).
 	//
 	// `test -e` is only used to prevent error messages if the file
 	// doesn't exist. It does not guard against any races.
@@ -177,7 +190,6 @@ f() {
 	tmp="$(mktemp "$x.XXXXXX")"
 	# Report filename for upload
 	echo "$tmp"
-
 	# Wait for upload to complete
 	read unused
 
@@ -203,9 +215,9 @@ f
 		return err
 	}
 
-	// Get embedded helper binary
-	helper, err := remote.Helpers.ReadFile(
-		fmt.Sprintf("helpers/%s-%s", goos, goarch))
+	// Get remote helper binary
+	helper, err := fs.ReadFile(c.remoteHelpers,
+		fmt.Sprintf("%s-%s", goos, goarch))
 	if err != nil {
 		return fmt.Errorf("remote not built for GOOS/GOARCH %s/%s",
 			goos, goarch)
@@ -264,7 +276,7 @@ f
 
 		c.sshRemote, fmt.Sprintf("cat > %q", path))...)
 	cmd.Stdin = bytes.NewReader(helper)
-	err = c.handleStderrAsEvents(cmd)
+	err = c.handleStderrAsEvents(cmd) // cmd.Stderr
 	if err != nil {
 		return err
 	}
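Review bot: `c.Kill() //nolint:errcheck` silences the linter without telling the reader why the error is dropped; the function is already returning the `dialSSH` error, so a `Kill` failure would only shadow the cause the caller needs. Making that explicit needs no suppression directive, e.g. `_ = c.Kill() // best-effort cleanup; the dialSSH error is the one reported`. The enclosing `DialSSH` body extends beyond the hunk on both sides.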
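Review bot: The reworded comment now asserts that "The code verifies the directory has the proper permissions", but nothing in this hunk shows that verification; if it refers to the `stat` check described a few lines below, saying so (`the stat check below verifies ...`) keeps the claim traceable for the next reader. While this block is being edited, two typos in the adjacent context lines are worth fixing in the same pass: "must no permit" should read "must not permit", and "`stat` gives use the full file state" should read "gives us". The enclosing function starts and ends outside the hunk.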
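Review bot: The error from `fs.ReadFile` is discarded and every failure is reported as "remote not built for GOOS/GOARCH"; now that the helper source is a caller-supplied `fs.FS` (which may be backed by a directory rather than an embedded bundle), a permission or I/O error would be misreported as a missing build. Wrapping it keeps the diagnosis honest: `return fmt.Errorf("remote not built for GOOS/GOARCH %s/%s: %w", goos, goarch, err)`; a stricter variant reserves that wording for `errors.Is(err, fs.ErrNotExist)`, which needs an `errors` import not visible in the import hunk. Where `goos` and `goarch` originate is outside the hunk; note only that `fs.ReadFile` rejects names failing `fs.ValidPath`, so a malformed value surfaces here as an error rather than as a lookup outside the helper set, which is another reason to keep the underlying error in the message. The enclosing function starts and ends outside the hunk.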
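Review bot: The trailing `// cmd.Stderr` on `err = c.handleStderrAsEvents(cmd)` is too terse to help a reader who does not already know the helper; it presumably records that the call wires up `cmd.Stderr` and therefore has to happen before the command is started, but as written it reads like a leftover reminder. Spell the intent out, e.g. `// Forward the command's stderr as events; must be attached before cmd starts`, adjusted to whatever `handleStderrAsEvents` actually does, since its body is outside this view. The enclosing function starts and ends outside the hunk.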