github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/internal/operator/nodeagent/dep/sshd/dep.go

github.com/caos/orbos@v1.5.14-0.20221103111702-e6cd0cea7ad4/internal/operator/nodeagent/dep/sshd/dep.go (about)

     1  package sshd
     2  
     3  import (
     4  	"bytes"
     5  	"fmt"
     6  	"io"
     7  	"os/exec"
     8  	"strings"
     9  
    10  	"github.com/caos/orbos/internal/operator/common"
    11  	"github.com/caos/orbos/internal/operator/nodeagent"
    12  	"github.com/caos/orbos/internal/operator/nodeagent/dep"
    13  	"github.com/caos/orbos/internal/operator/nodeagent/dep/middleware"
    14  )
    15  
    16  type Installer interface {
    17  	isSSHD()
    18  	nodeagent.Installer
    19  }
    20  
    21  type sshdDep struct {
    22  	systemd *dep.SystemD
    23  }
    24  
    25  func New(systemd *dep.SystemD) Installer {
    26  	return &sshdDep{systemd}
    27  }
    28  
    29  func (sshdDep) Is(other nodeagent.Installer) bool {
    30  	_, ok := middleware.Unwrap(other).(Installer)
    31  	return ok
    32  }
    33  
    34  func (sshdDep) isSSHD() {}
    35  
    36  func (sshdDep) String() string { return "SSHD" }
    37  
    38  func (*sshdDep) Equals(other nodeagent.Installer) bool {
    39  	_, ok := other.(*sshdDep)
    40  	return ok
    41  }
    42  
    43  func (*sshdDep) InstalledFilter() []string { return nil }
    44  
    45  func (s *sshdDep) Current() (pkg common.Package, err error) {
    46  
    47  	buf := new(bytes.Buffer)
    48  	defer buf.Reset()
    49  
    50  	swapon := exec.Command("sshd", "-T")
    51  	swapon.Stdout = buf
    52  	if err := swapon.Run(); err != nil {
    53  		return pkg, err
    54  	}
    55  
    56  	for {
    57  		if err != nil && err != io.EOF {
    58  			return pkg, err
    59  		}
    60  		line, err := buf.ReadString('\n')
    61  		fields := strings.Fields(line)
    62  		value := ""
    63  		if len(fields) > 1 {
    64  			value = fields[1]
    65  		}
    66  
    67  		if strings.Contains(line, "listenaddress") {
    68  			checkIP := "127.0.0.1"
    69  			if value != "[::]:22" && value != "0.0.0.0:22" {
    70  				if pkg.Config == nil {
    71  					pkg.Config = make(map[string]string)
    72  				}
    73  				checkIP = strings.Split(value, ":")[0]
    74  				pkg.Config["listenaddress"] = checkIP
    75  			}
    76  			out, _ := exec.Command("ssh", "-T", checkIP).CombinedOutput()
    77  			if strings.Contains(string(out), "Connection refused") {
    78  				if pkg.Config == nil {
    79  					pkg.Config = make(map[string]string)
    80  				}
    81  				pkg.Config["listening"] = "false"
    82  			}
    83  		}
    84  
    85  		if strings.Contains(line, "gssapiauthentication") && value != "no" {
    86  			if pkg.Config == nil {
    87  				pkg.Config = make(map[string]string)
    88  			}
    89  			pkg.Config["gssapiauthentication"] = value
    90  		}
    91  
    92  		if err == io.EOF {
    93  			break
    94  		}
    95  	}
    96  	return pkg, nil
    97  }
    98  
    99  func (s *sshdDep) Ensure(remove common.Package, ensure common.Package, _ bool) error {
   100  
   101  	appendLines := []string{"GSSAPIAuthentication no"}
   102  	listenAddress := ensure.Config["listenaddress"]
   103  	if listenAddress != "" {
   104  		appendLines = append(appendLines, fmt.Sprintf("ListenAddress %s", listenAddress))
   105  	}
   106  
   107  	if err := dep.ManipulateFile("/etc/ssh/sshd_config", []string{"GSSAPIAuthentication"}, appendLines, func(line string) *string {
   108  		if strings.HasPrefix(line, "ListenAddress") {
   109  			return nil
   110  		}
   111  		return &line
   112  	}); err != nil {
   113  		return err
   114  	}
   115  
   116  	return s.systemd.Start("sshd")
   117  }