"ruderich.org/simon/safcm/remote"
)
-func (c *Conn) DialSSH(user, host, sshConfig string) error {
+type SSHConfig struct {
+ Host string
+ User string // optional
+ SshConfig string // optional
+}
+
+func (c *Conn) DialSSH(cfg SSHConfig) error {
if c.events == nil {
return fmt.Errorf("cannot reuse Conn")
}
- remote := host
- if user != "" {
- remote = user + "@" + host
+ remote := cfg.Host
+ if cfg.User != "" {
+ remote = cfg.User + "@" + cfg.Host
}
c.debugf("DialSSH: connecting to %q", remote)
}
c.sshRemote = remote
- if sshConfig != "" {
- c.sshOpts = append(c.sshOpts, "-F", sshConfig)
+ if cfg.SshConfig != "" {
+ c.sshOpts = []string{"-F", cfg.SshConfig}
}
c.cmd = exec.Command("ssh",
append(append([]string{}, c.sshOpts...),
//
// The target directory must no permit other users to delete our files
// or symlink attacks and arbitrary code execution is possible. For
- // /tmp this is guaranteed by the sticky bit. Make sure it has the
- // proper permissions.
+ // /tmp this is guaranteed by the sticky bit. The code verifies the
+ // directory has the proper permissions.
//
// We cannot use `test -f && test -O` because this is open to TOCTOU
// attacks. `stat` gives use the full file state. If the file is owned
- // by us and not a symlink then it's safe to use (assuming sticky or
- // directory not writable by others).
+ // by us and not a symlink then it's safe to use (assuming sticky
+ // directory or directory not writable by others).
//
// `test -e` is only used to prevent error messages if the file
// doesn't exist. It does not guard against any races.
tmp="$(mktemp "$x.XXXXXX")"
# Report filename for upload
echo "$tmp"
-
# Wait for upload to complete
read unused
c.sshRemote,
fmt.Sprintf("cat > %q", path))...)
cmd.Stdin = bytes.NewReader(helper)
- err = c.handleStderrAsEvents(cmd)
+ err = c.handleStderrAsEvents(cmd) // cmd.Stderr
if err != nil {
return err
}
ruderich.org/simon / safcm / safcm.git / blobdiff