Simon Ruderich [Tue, 1 Jun 2021 05:59:59 +0000 (07:59 +0200)]
remote: guard against symlinks in earlier path components
This was only an issue when syncing files to directories where other
users have write access to the parent directory. For example when
copying files to /home/user/.ssh/authorized_keys the user could replace
.ssh with a symlink which permitted overwriting authorized_keys anywhere
on the system.
Fix possible attacks by using *at syscalls and disallowing symlinks in
all path components except for the last of synced paths. Syncing
symlinks is obviously still permitted.
Simon Ruderich [Tue, 18 May 2021 15:46:56 +0000 (17:46 +0200)]
Move synchronization loop into new package frontend
This is in preparation for other programs (besides cmd/safcm) using the
safcm library. To reduce code duplication useful functions will be
provided by the frontend package. Its use is optional. All core
functionality is provided by the regular safcm packages.
The logging setup was slightly modified. Log messages are now no longer
filtered by Sync.log() but by the new log function Loop.LogEventFunc (or
its implementation logEvent()). This is also the reason why one test was
removed from sync_sync_test.go which is no longer relevant.
Simon Ruderich [Tue, 18 May 2021 10:29:48 +0000 (12:29 +0200)]
Move implementation of cmd/safcm-remote/ to remote/
This permits users of the safcm library to easily "implement"
`safcm-remote` simply by calling safcm/remote.Main(). They cannot use
the existing cmd/safcm-remote/ because the source tree is not directly
available when importing the library.
Simon Ruderich [Mon, 17 May 2021 06:37:23 +0000 (08:37 +0200)]
config: config.yaml: add global "ssh_user" option
This option is used as default value when the host option "ssh_user" is
empty. Like the host option it defaults to an empty value which tells
`ssh` to use the current user.
Simon Ruderich [Thu, 13 May 2021 11:55:47 +0000 (13:55 +0200)]
safcm: add experimental support to sync from Windows hosts
This is _very_ experimental. The testsuite doesn't yet run on Windows
and only a few manual tests were run. Basically this is only present
because it was used to verify our changes to always use slash-separated
paths in the configuration on a real system. It seemed a waste to just
throw it away.
To build the binary for windows use (empty GOFLAGS to disable -race):
Simon Ruderich [Thu, 13 May 2021 11:40:54 +0000 (13:40 +0200)]
safcm: use only slash separated paths for the configuration
This change is in preparation to support running synchronizations from
Windows systems. However, Windows remotes won't be supported in the
foreseeable future.
Simon Ruderich [Wed, 12 May 2021 06:22:17 +0000 (08:22 +0200)]
sync: shorten log messages by removing "info/sync remote:" prefix
The prefix provides little value as it already obvious what's happening
on the remote side and in which phase (info/sync). Keeping the log
messages shorter helps the user to focus on the important parts of the
message.
Simon Ruderich [Sun, 9 May 2021 19:19:42 +0000 (21:19 +0200)]
sync: remove "detected" log message in packages/services
Don't waste one full log message to show the detected system. Instead,
append it to an existing log message.
Reorder log call in syncPackagesDebian() so the log message comes before
calling debianInstalledPackages(). This way errors from this function
show clearly where they originate.
Simon Ruderich [Sun, 9 May 2021 18:44:02 +0000 (20:44 +0200)]
remote: tests: hide testRunner functions in test output
This is not perfect because they are called from files like
cmd/safcm-remote/sync/commands.go which is not very helpful to figure
out which test case failed. However, it's better than showing
cmd/safcm-remote/sync/sync_test.go which was the previous behavior.
Simon Ruderich [Sun, 9 May 2021 10:46:18 +0000 (12:46 +0200)]
safcm: don't color output if stderr is redirected
All log messages are printed to stderr. It's confusing to still get
colored output when redirecting stderr to a file; only redirecting
stdout as well fixed this.
Simon Ruderich [Sun, 9 May 2021 10:29:08 +0000 (12:29 +0200)]
config: tests: replace FullPermToFileMode() with fs constants
FullPermToFileMode() is necessary in a few places but the tests should
use the common way in Go to set permissions. This is less confusing for
the reader.
Simon Ruderich [Sun, 9 May 2021 10:15:58 +0000 (12:15 +0200)]
sync: tests: use strict perm for os.WriteFile() in CreateFile()
This parameter is modified by the umask. The proper permissions are set
by os.Chmod() afterwards. Don't confuse the reader by using a value
which is not relevant.
Simon Ruderich [Sun, 9 May 2021 09:36:44 +0000 (11:36 +0200)]
safcm: strip invalid characters from detected os/arch groups
Handle them like any other detected group because the remote can send
invalid values. The current code can handle arbitrary group names just
fine but it's better to treat all untrusted input the same.
Simon Ruderich [Wed, 28 Apr 2021 10:26:18 +0000 (12:26 +0200)]
sync: run most tests which modify the host only in CI
This is especially important in case the user executes the tests as root
(no recommended but not prevented either). Permissions on paths like /
or /tmp which differ from those expected by the test could otherwise be
modified by the tests.
However, the end-to-end SSH tests which write /tmp/safcm-remote-$uid
(but no other paths) are still run so we get proper coverage of basic
features.
Simon Ruderich [Wed, 28 Apr 2021 05:57:52 +0000 (07:57 +0200)]
sync: remove duplicate "priority" from group priority log message
Now that the configuration option is called "group_priority" we can
remove the second "priority" and spell out "descending" (takes less
space than before).
Simon Ruderich [Wed, 28 Apr 2021 05:32:37 +0000 (07:32 +0200)]
safcm: group_order: higher priority for listed groups over remaining groups
The priority for all groups listed in `group_order` was properly
respected: Early entries had the highest priority. However, groups which
were not listed in `group_order` had a higher priority and overwrote
files from all groups configured in `group_order`.
The priority is now as expected (from high to low): host itself, groups
in group_order (from high to low), remaining groups.