// Source: github.com/psiphon-labs/psiphon-tunnel-core@v2.0.28+incompatible/psiphon/common/crypto/ssh/session.go

// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package ssh

// Session implements an interactive session described in
// "RFC 4254, section 6".

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
	"io/ioutil"
	"sync"
)

// Signal is the name of a POSIX signal in the form used on the wire
// (the RFC 4254 name without the "SIG" prefix). Session.Signal sends it
// as-is, and wait converts the signal name reported by the server to
// this type for the lookup in signals.
type Signal string

// POSIX signals as listed in RFC 4254 Section 6.10.
const (
	SIGABRT Signal = "ABRT"
	SIGALRM Signal = "ALRM"
	SIGFPE  Signal = "FPE"
	SIGHUP  Signal = "HUP"
	SIGILL  Signal = "ILL"
	SIGINT  Signal = "INT"
	SIGKILL Signal = "KILL"
	SIGPIPE Signal = "PIPE"
	SIGQUIT Signal = "QUIT"
	SIGSEGV Signal = "SEGV"
	SIGTERM Signal = "TERM"
	SIGUSR1 Signal = "USR1"
	SIGUSR2 Signal = "USR2"
)

// signals maps a signal name to a signal number. wait adds that number
// to 128 to build an exit status when the server reports an exit signal
// but no exit status. SIGUSR1 and SIGUSR2 have no entry here, so for
// them, and for any other name the server sends that is not listed, the
// synthesized status stays at 128.
var signals = map[Signal]int{
	SIGABRT: 6,
	SIGALRM: 14,
	SIGFPE:  8,
	SIGHUP:  1,
	SIGILL:  4,
	SIGINT:  2,
	SIGKILL: 9,
	SIGPIPE: 13,
	SIGQUIT: 3,
	SIGSEGV: 11,
	SIGTERM: 15,
}

// TerminalModes maps a terminal mode opcode (one of the constants
// declared below) to its uint32 argument. RequestPty encodes the map
// into the pty request's mode list.
type TerminalModes map[uint8]uint32

// POSIX terminal mode flags as listed in RFC 4254 Section 8.
const (
	tty_OP_END    = 0
	VINTR         = 1
	VQUIT         = 2
	VERASE        = 3
	VKILL         = 4
	VEOF          = 5
	VEOL          = 6
	VEOL2         = 7
	VSTART        = 8
	VSTOP         = 9
	VSUSP         = 10
	VDSUSP        = 11
	VREPRINT      = 12
	VWERASE       = 13
	VLNEXT        = 14
	VFLUSH        = 15
	VSWTCH        = 16
	VSTATUS       = 17
	VDISCARD      = 18
	IGNPAR        = 30
	PARMRK        = 31
	INPCK         = 32
	ISTRIP        = 33
	INLCR         = 34
	IGNCR         = 35
	ICRNL         = 36
	IUCLC         = 37
	IXON          = 38
	IXANY         = 39
	IXOFF         = 40
	IMAXBEL       = 41
	ISIG          = 50
	ICANON        = 51
	XCASE         = 52
	ECHO          = 53
	ECHOE         = 54
	ECHOK         = 55
	ECHONL        = 56
	NOFLSH        = 57
	TOSTOP        = 58
	IEXTEN        = 59
	ECHOCTL       = 60
	ECHOKE        = 61
	PENDIN        = 62
	OPOST         = 70
	OLCUC         = 71
	ONLCR         = 72
	OCRNL         = 73
	ONOCR         = 74
	ONLRET        = 75
	CS7           = 90
	CS8           = 91
	PARENB        = 92
	PARODD        = 93
	TTY_OP_ISPEED = 128
	TTY_OP_OSPEED = 129
)

// A Session represents a connection to a remote command or shell.
type Session struct {
	// Stdin is the source of the remote process's standard input.
	// When it is nil the remote process reads from an empty
	// bytes.Buffer.
	Stdin io.Reader

	// Stdout and Stderr receive the remote process's standard
	// output and standard error.
	//
	// A nil value is replaced with ioutil.Discard when the session
	// starts. A fixed amount of buffering is shared by the two
	// streams, so a writer that blocks may eventually cause the
	// remote command to block as well.
	Stdout io.Writer
	Stderr io.Writer

	ch        Channel // the channel backing this session
	started   bool    // set once Start, Run or Shell has been invoked
	copyFuncs []func() error
	errors    chan error // receives one value per copyFunc

	// Each flag is true when the matching *Pipe method is in use.
	stdinpipe, stdoutpipe, stderrpipe bool

	// stdinPipeWriter is non-nil if StdinPipe has not been called
	// and Stdin was specified by the user; it is the write end of
	// a pipe connecting Session.Stdin to the stdin channel.
	stdinPipeWriter io.WriteCloser

	exitStatus chan error
}

// SendRequest sends an out-of-band channel request on the SSH channel
// underlying the session and returns that channel's answer unchanged.
func (s *Session) SendRequest(name string, wantReply bool, payload []byte) (bool, error) {
	accepted, err := s.ch.SendRequest(name, wantReply, payload)
	return accepted, err
}

// Close closes the SSH channel underlying the session.
func (s *Session) Close() error {
	err := s.ch.Close()
	return err
}

// RFC 4254 Section 6.4.
type setenvRequest struct {
	Name  string
	Value string
}

// Setenv sets an environment variable that will be applied to any
// command executed by Shell or Run.
//
// The name and value are sent to the server as given. An error is
// returned when the request cannot be sent or when the server answers
// the "env" request negatively.
func (s *Session) Setenv(name, value string) error {
	payload := Marshal(&setenvRequest{Name: name, Value: value})
	accepted, err := s.ch.SendRequest("env", true, payload)
	if err != nil {
		return err
	}
	if !accepted {
		return errors.New("ssh: setenv failed")
	}
	return nil
}

// RFC 4254 Section 6.2.
type ptyRequestMsg struct {
	Term     string
	Columns  uint32
	Rows     uint32
	Width    uint32
	Height   uint32
	Modelist string
}

// RequestPty requests the association of a pty with the session on the remote host.
//
// h is the number of rows and w the number of columns; the pixel
// dimensions sent are w*8 and h*8. All four values are converted to
// uint32 without a range check, so negative arguments wrap around.
// The terminal modes are encoded in map iteration order and terminated
// with tty_OP_END.
func (s *Session) RequestPty(term string, h, w int, termmodes TerminalModes) error {
	var encoded []byte
	for opcode, arg := range termmodes {
		entry := struct {
			Key byte
			Val uint32
		}{opcode, arg}

		encoded = append(encoded, Marshal(&entry)...)
	}
	encoded = append(encoded, tty_OP_END)

	payload := Marshal(&ptyRequestMsg{
		Term:     term,
		Columns:  uint32(w),
		Rows:     uint32(h),
		Width:    uint32(w * 8),
		Height:   uint32(h * 8),
		Modelist: string(encoded),
	})
	accepted, err := s.ch.SendRequest("pty-req", true, payload)
	if err != nil {
		return err
	}
	if !accepted {
		return errors.New("ssh: pty-req failed")
	}
	return nil
}

// RFC 4254 Section 6.5.
type subsystemRequestMsg struct {
	Subsystem string
}

// RequestSubsystem requests the association of a subsystem with the session on the remote host.
// A subsystem is a predefined command that runs in the background when the ssh session is initiated.
func (s *Session) RequestSubsystem(subsystem string) error {
	payload := Marshal(&subsystemRequestMsg{Subsystem: subsystem})
	accepted, err := s.ch.SendRequest("subsystem", true, payload)
	if err != nil {
		return err
	}
	if !accepted {
		return errors.New("ssh: subsystem request failed")
	}
	return nil
}

// RFC 4254 Section 6.7.
type ptyWindowChangeMsg struct {
	Columns uint32
	Rows    uint32
	Width   uint32
	Height  uint32
}

// WindowChange informs the remote host about a terminal window dimension change to h rows and w columns.
//
// The request is sent without asking for a reply, so only a send error
// is reported. As in RequestPty, the pixel dimensions are w*8 and h*8
// and the conversions to uint32 are unchecked.
func (s *Session) WindowChange(h, w int) error {
	payload := Marshal(&ptyWindowChangeMsg{
		Columns: uint32(w),
		Rows:    uint32(h),
		Width:   uint32(w * 8),
		Height:  uint32(h * 8),
	})
	_, err := s.ch.SendRequest("window-change", false, payload)
	return err
}

// RFC 4254 Section 6.9.
type signalMsg struct {
	Signal string
}

// Signal sends the given signal to the remote process.
// sig is one of the SIG* constants.
//
// No reply is requested, so a nil error means only that the request
// was sent.
func (s *Session) Signal(sig Signal) error {
	payload := Marshal(&signalMsg{Signal: string(sig)})
	_, err := s.ch.SendRequest("signal", false, payload)
	return err
}

// RFC 4254 Section 6.5.
type execMsg struct {
	Command string
}

// Start runs cmd on the remote host. Typically, the remote
// server passes cmd to the shell for interpretation.
// A Session only accepts one call to Run, Start or Shell.
//
// cmd is sent verbatim. Because the remote side usually hands it to a
// shell, a caller that builds cmd from data it does not control has to
// quote that data itself. When the server rejects the request, the
// returned error text contains cmd unchanged, so anything sensitive on
// the command line ends up wherever that error is logged.
func (s *Session) Start(cmd string) error {
	if s.started {
		return errors.New("ssh: session already started")
	}

	accepted, err := s.ch.SendRequest("exec", true, Marshal(&execMsg{Command: cmd}))
	switch {
	case err != nil:
		return err
	case !accepted:
		return fmt.Errorf("ssh: command %v failed", cmd)
	}
	return s.start()
}

// Run runs cmd on the remote host. Typically, the remote
// server passes cmd to the shell for interpretation.
// A Session only accepts one call to Run, Start, Shell, Output,
// or CombinedOutput.
//
// The returned error is nil if the command runs, has no problems
// copying stdin, stdout, and stderr, and exits with a zero exit
// status.
//
// If the remote server does not send an exit status, an error of type
// *ExitMissingError is returned. If the command completes
// unsuccessfully or is interrupted by a signal, the error is of type
// *ExitError. Other error types may be returned for I/O problems.
func (s *Session) Run(cmd string) error {
	if err := s.Start(cmd); err != nil {
		return err
	}
	return s.Wait()
}

// Output runs cmd on the remote host and returns its standard output.
// The output is collected in an in-memory buffer with no size limit,
// so the remote side determines how much memory this call uses.
func (s *Session) Output(cmd string) ([]byte, error) {
	if s.Stdout != nil {
		return nil, errors.New("ssh: Stdout already set")
	}
	captured := new(bytes.Buffer)
	s.Stdout = captured
	runErr := s.Run(cmd)
	return captured.Bytes(), runErr
}

// singleWriter is a mutex-guarded buffer. CombinedOutput installs one
// instance as both Stdout and Stderr, and the two streams are copied by
// separate goroutines, so writes have to be serialized.
type singleWriter struct {
	b  bytes.Buffer
	mu sync.Mutex
}

// Write appends p to the buffer while holding the mutex.
func (w *singleWriter) Write(p []byte) (int, error) {
	w.mu.Lock()
	n, err := w.b.Write(p)
	w.mu.Unlock()
	return n, err
}

// CombinedOutput runs cmd on the remote host and returns its combined
// standard output and standard error.
//
// As with Output, everything the remote side writes is held in memory
// without a size limit.
func (s *Session) CombinedOutput(cmd string) ([]byte, error) {
	switch {
	case s.Stdout != nil:
		return nil, errors.New("ssh: Stdout already set")
	case s.Stderr != nil:
		return nil, errors.New("ssh: Stderr already set")
	}
	var combined singleWriter
	s.Stdout = &combined
	s.Stderr = &combined
	runErr := s.Run(cmd)
	return combined.b.Bytes(), runErr
}

// Shell starts a login shell on the remote host. A Session only
// accepts one call to Run, Start, Shell, Output, or CombinedOutput.
func (s *Session) Shell() error {
	if s.started {
		return errors.New("ssh: session already started")
	}

	accepted, err := s.ch.SendRequest("shell", true, nil)
	switch {
	case err != nil:
		return err
	case !accepted:
		return errors.New("ssh: could not start shell")
	}
	return s.start()
}

// start marks the session as started, registers the copy functions for
// stdin, stdout and stderr (in that order), and runs each of them in
// its own goroutine. Every goroutine sends its result on s.errors,
// which is buffered to hold one value per copy function.
func (s *Session) start() error {
	s.started = true

	s.stdin()
	s.stdout()
	s.stderr()

	s.errors = make(chan error, len(s.copyFuncs))
	for i := range s.copyFuncs {
		copyFn := s.copyFuncs[i]
		go func() {
			s.errors <- copyFn()
		}()
	}
	return nil
}

// Wait waits for the remote command to exit.
//
// The returned error is nil if the command runs, has no problems
// copying stdin, stdout, and stderr, and exits with a zero exit
// status.
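//
// If the remote server does not send an exit status, an error of type
// *ExitMissingError is returned. If the command completes
// unsuccessfully or is interrupted by a signal, the error is of type
// *ExitError. Other error types may be returned for I/O problems.
func (s *Session) Wait() error {
	if !s.started {
		return errors.New("ssh: session not started")
	}
	waitErr := <-s.exitStatus

	// Closing the write end of the stdin pipe lets the stdin copy
	// function see EOF and return.
	if s.stdinPipeWriter != nil {
		s.stdinPipeWriter.Close()
	}

	// Collect one result per copy function; keep the first error.
	var copyError error
	for range s.copyFuncs {
		if err := <-s.errors; err != nil && copyError == nil {
			copyError = err
		}
	}
	// The exit result takes precedence over a copy error.
	if waitErr != nil {
		return waitErr
	}
	return copyError
}

// wait consumes session requests from reqs until that channel is closed
// and turns what the server reported into the session's exit result:
// nil for exit status 0, *ExitMissingError when neither an exit status
// nor an exit signal arrived, and *ExitError otherwise. A request whose
// payload cannot be decoded ends the loop early with an error.
//
// Everything read here is supplied by the remote server.
func (s *Session) wait(reqs <-chan *Request) error {
	wm := Waitmsg{status: -1}
	// Wait for msg channel to be closed before returning.
	for msg := range reqs {
		switch msg.Type {
		case "exit-status":
			// binary.BigEndian.Uint32 panics on fewer than four bytes,
			// which would let a malformed request from the server crash
			// the process. Reject it the same way an undecodable
			// exit-signal is rejected below.
			if len(msg.Payload) < 4 {
				return errors.New("ssh: exit-status request payload too short")
			}
			// NOTE(review): where int is 32 bits wide, a reported status
			// of 0xFFFFFFFF converts to -1, the "not sent" marker.
			wm.status = int(binary.BigEndian.Uint32(msg.Payload))
		case "exit-signal":
			var sigval struct {
				Signal     string
				CoreDumped bool
				Error      string
				Lang       string
			}
			if err := Unmarshal(msg.Payload, &sigval); err != nil {
				return err
			}

			// NOTE(review): these strings are server-controlled and are
			// stored unmodified. Waitmsg.String and the Waitmsg accessors
			// hand them back as-is, so code that logs or displays them
			// should escape control characters first.
			wm.signal = sigval.Signal
			wm.msg = sigval.Error
			wm.lang = sigval.Lang
		default:
			// This handles keepalives and matches
			// OpenSSH's behaviour.
			if msg.WantReply {
				msg.Reply(false, nil)
			}
		}
	}
	if wm.status == 0 {
		return nil
	}
	if wm.status == -1 {
		// exit-status was never sent from server
		if wm.signal == "" {
			// signal was not sent either. RFC 4254
			// section 6.10 recommends against this
			// behavior, but it is allowed, so we let
			// clients handle it.
			return &ExitMissingError{}
		}
		// Only a signal was reported: synthesize 128 plus the signal
		// number, or plain 128 when the name is not in signals.
		wm.status = 128
		if num, ok := signals[Signal(wm.signal)]; ok {
			wm.status += num
		}
	}

	return &ExitError{wm}
}

// ExitMissingError is returned if a session is torn down cleanly, but
// the server sends no confirmation of the exit status.
type ExitMissingError struct{}

// Error returns a fixed description of the missing exit information.
func (e *ExitMissingError) Error() string {
	return "wait: remote command exited without exit status or exit signal"
}

// stdin registers the copy function that feeds the remote process's
// standard input, unless StdinPipe is in use. With a nil Stdin the
// source is an empty buffer; otherwise Stdin is relayed through an
// io.Pipe whose write end is kept in stdinPipeWriter so that Wait can
// close it.
func (s *Session) stdin() {
	if s.stdinpipe {
		return
	}
	var stdin io.Reader
	if s.Stdin == nil {
		stdin = new(bytes.Buffer)
	} else {
		r, w := io.Pipe()
		go func() {
			_, err := io.Copy(w, s.Stdin)
			w.CloseWithError(err)
		}()
		stdin, s.stdinPipeWriter = r, w
	}
	s.copyFuncs = append(s.copyFuncs, func() error {
		_, err := io.Copy(s.ch, stdin)
		// Always half-close the channel; report the CloseWrite error
		// only when the copy succeeded and the error is not io.EOF.
		if err1 := s.ch.CloseWrite(); err == nil && err1 != io.EOF {
			err = err1
		}
		return err
	})
}

// stdout registers the copy function that drains the channel into
// Stdout, unless StdoutPipe is in use. A nil Stdout is replaced with
// ioutil.Discard.
func (s *Session) stdout() {
	if s.stdoutpipe {
		return
	}
	if s.Stdout == nil {
		s.Stdout = ioutil.Discard
	}
	s.copyFuncs = append(s.copyFuncs, func() error {
		_, err := io.Copy(s.Stdout, s.ch)
		return err
	})
}

// stderr registers the copy function that drains the channel's stderr
// stream into Stderr, unless StderrPipe is in use. A nil Stderr is
// replaced with ioutil.Discard.
func (s *Session) stderr() {
	if s.stderrpipe {
		return
	}
	if s.Stderr == nil {
		s.Stderr = ioutil.Discard
	}
	s.copyFuncs = append(s.copyFuncs, func() error {
		_, err := io.Copy(s.Stderr, s.ch.Stderr())
		return err
	})
}

// sessionStdin reroutes Close to CloseWrite.
type sessionStdin struct {
	io.Writer
	ch Channel
}

// Close half-closes the channel by calling CloseWrite on it.
func (s *sessionStdin) Close() error {
	return s.ch.CloseWrite()
}

// StdinPipe returns a pipe that will be connected to the
// remote command's standard input when the command starts.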
// It must be called before the session is started and only when Stdin
// has not been set. Closing the returned writer half-closes the channel.
func (s *Session) StdinPipe() (io.WriteCloser, error) {
	switch {
	case s.Stdin != nil:
		return nil, errors.New("ssh: Stdin already set")
	case s.started:
		return nil, errors.New("ssh: StdinPipe after process started")
	}
	s.stdinpipe = true
	pipe := &sessionStdin{Writer: s.ch, ch: s.ch}
	return pipe, nil
}

// StdoutPipe returns a pipe that will be connected to the
// remote command's standard output when the command starts.
// There is a fixed amount of buffering that is shared between
// stdout and stderr streams. If the StdoutPipe reader is
// not serviced fast enough it may eventually cause the
// remote command to block.
func (s *Session) StdoutPipe() (io.Reader, error) {
	switch {
	case s.Stdout != nil:
		return nil, errors.New("ssh: Stdout already set")
	case s.started:
		return nil, errors.New("ssh: StdoutPipe after process started")
	}
	s.stdoutpipe = true
	return s.ch, nil
}

// StderrPipe returns a pipe that will be connected to the
// remote command's standard error when the command starts.
// There is a fixed amount of buffering that is shared between
// stdout and stderr streams. If the StderrPipe reader is
// not serviced fast enough it may eventually cause the
// remote command to block.
func (s *Session) StderrPipe() (io.Reader, error) {
	switch {
	case s.Stderr != nil:
		return nil, errors.New("ssh: Stderr already set")
	case s.started:
		return nil, errors.New("ssh: StderrPipe after process started")
	}
	s.stderrpipe = true
	return s.ch.Stderr(), nil
}

// newSession returns a new interactive session on the remote host.
//
// It starts a goroutine that runs wait on reqs and delivers the result
// on exitStatus, a channel with room for one value.
func newSession(ch Channel, reqs <-chan *Request) (*Session, error) {
	s := &Session{
		ch:         ch,
		exitStatus: make(chan error, 1),
	}
	go func() {
		s.exitStatus <- s.wait(reqs)
	}()

	return s, nil
}

// An ExitError reports unsuccessful completion of a remote command.
type ExitError struct {
	Waitmsg
}

// Error returns the embedded Waitmsg rendered by its String method.
func (e *ExitError) Error() string {
	return e.Waitmsg.String()
}

// Waitmsg stores the information about an exited remote command
// as reported by Wait.
//
// The signal, msg and lang fields hold text supplied by the remote
// server. Nothing in this type escapes or filters that text.
type Waitmsg struct {
	status int
	signal string
	msg    string
	lang   string
}

// ExitStatus returns the exit status of the remote command.
func (w Waitmsg) ExitStatus() int {
	return w.status
}

// Signal returns the exit signal of the remote command if
// it was terminated violently.
func (w Waitmsg) Signal() string {
	return w.signal
}

// Msg returns the exit message given by the remote command.
func (w Waitmsg) Msg() string {
	return w.msg
}

// Lang returns the language tag. See RFC 3066.
func (w Waitmsg) Lang() string {
	return w.lang
}

// String describes the exit: the status always, the signal and the
// reason only when they are non-empty. The signal and reason are
// inserted verbatim, so the result can contain whatever characters the
// remote side sent; escape it before writing it to a log or terminal.
func (w Waitmsg) String() string {
	var signalPart, reasonPart string
	if w.signal != "" {
		signalPart = fmt.Sprintf(" from signal %v", w.signal)
	}
	if w.msg != "" {
		reasonPart = fmt.Sprintf(". Reason was: %v", w.msg)
	}
	return fmt.Sprintf("Process exited with status %v", w.status) + signalPart + reasonPart
}