// Makes system-dependent SSH wrapper
func gitSSHWrapper(keyFile string, otherOpt string) (sshWrapperFile string, tempDir string, err error) {
// TODO(sqs): encrypt and store the key in the env so that
// attackers can't decrypt if they have disk access after our
// process dies
var script string
if runtime.GOOS == "windows" {
script = `
@echo off
ssh -o ControlMaster=no -o ControlPath=none ` + otherOpt + ` -i ` + filepath.ToSlash(keyFile) + ` "%@"
`
} else {
script = `
#!/bin/sh
exec /usr/bin/ssh -o ControlMaster=no -o ControlPath=none ` + otherOpt + ` -i ` + filepath.ToSlash(keyFile) + ` "$@"
`
}
sshWrapperName, tempDir, err := internal.ScriptFile("go-vcs-gitcmd")
if err != nil {
return sshWrapperName, tempDir, err
}
err = internal.WriteFileWithPermissions(sshWrapperName, []byte(script), 0500)
return sshWrapperName, tempDir, err
}
// makeGitPassHelper writes a GIT_ASKPASS helper that supplies password over stdout.
// You should remove the passHelper (and tempDir if any) after using it.
func makeGitPassHelper(pass string) (passHelper string, tempDir string, err error) {
tmpFile, dir, err := internal.ScriptFile("go-vcs-gitcmd-ask")
if err != nil {
return tmpFile, dir, err
}
passPath := filepath.Join(dir, "password")
err = internal.WriteFileWithPermissions(passPath, []byte(pass), 0600)
if err != nil {
return tmpFile, dir, err
}
var script string
// We assume passPath can be escaped with a simple wrapping of single
// quotes. The path is not user controlled so this assumption should
// not be violated.
if runtime.GOOS == "windows" {
script = "@echo off\ntype " + passPath + "\n"
} else {
script = "#!/bin/sh\ncat '" + passPath + "'\n"
}
err = internal.WriteFileWithPermissions(tmpFile, []byte(script), 0500)
return tmpFile, dir, err
}
// makeGitPassHelper writes a GIT_ASKPASS helper that supplies password over stdout.
// You should remove the passHelper (and tempDir if any) after using it.
func makeGitPassHelper(pass string) (passHelper string, tempDir string, err error) {
tmpFile, dir, err := internal.ScriptFile("go-vcs-gitcmd-ask")
if err != nil {
return tmpFile, dir, err
}
var script string
if runtime.GOOS == "windows" {
script = "@echo off\necho " + pass + "\n"
} else {
script = "#!/bin/sh\necho '" + pass + "'\n"
}
err = internal.WriteFileWithPermissions(tmpFile, []byte(script), 0500)
return tmpFile, dir, err
}
func TestServer(t *testing.T) {
var shellScript string
if runtime.GOOS == "windows" {
shellScript = `@echo off
set flag=%1
set flag=%flag:"=%
set args=%2
set args=%args:"=%
echo %flag% %args%
`
} else {
shellScript = `#!/bin/sh
echo $*
exit
`
}
shell, dir, err := internal.ScriptFile("govcs-ssh-shell")
if err != nil {
t.Fatal(err)
}
defer os.Remove(shell)
if dir != "" {
defer os.RemoveAll(dir)
}
err = internal.WriteFileWithPermissions(shell, []byte(shellScript), 0700)
if err != nil {
t.Fatal(err)
}
s, err := NewServer(shell, os.TempDir(), PrivateKey(SamplePrivKey))
if err != nil {
t.Fatal(err)
}
if err := s.Start(); err != nil {
t.Fatal(err)
}
// Client
cauth, err := clientAuth(SamplePrivKey)
if err != nil {
t.Fatal(err)
}
cconf := ssh.ClientConfig{User: "******"}
cconf.Auth = append(cconf.Auth, cauth)
sshc, err := ssh.Dial(s.l.Addr().Network(), s.l.Addr().String(), &cconf)
if err != nil {
t.Fatal(err)
}
defer sshc.Close()
session, err := sshc.NewSession()
if err != nil {
t.Fatal(err)
}
defer session.Close()
out, err := session.CombinedOutput("git-upload-pack 'foo'")
if err != nil {
t.Fatal(err)
}
if got, want := strings.TrimSpace(string(out)), "-c git-upload-pack 'foo'"; got != want {
t.Errorf("got ssh session output %q, want %q", got, want)
}
}