Beispiel #1
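// gitSSHWrapper writes an executable wrapper script that runs ssh with
// connection sharing disabled (ControlMaster=no, ControlPath=none), the extra
// options in otherOpt, and keyFile as the identity file, forwarding the
// wrapper's own arguments to ssh. A batch script is generated on Windows and a
// /bin/sh script everywhere else.
//
// It returns the script path and the temporary directory reported by
// internal.ScriptFile, together with any error from creating or writing the
// script. The script is written with mode 0500.
//
// otherOpt is spliced into the script verbatim and is therefore parsed by the
// script interpreter; it must be built from trusted values only. keyFile is
// quoted so that a path containing spaces (or, on POSIX, shell
// metacharacters) stays a single argument.
//
// NOTE(review): nothing here removes the script or tempDir; presumably the
// caller does, as it also owns the key file. Confirm against the call sites.
func gitSSHWrapper(keyFile string, otherOpt string) (sshWrapperFile string, tempDir string, err error) {
	// TODO(sqs): encrypt and store the key in the env so that
	// attackers can't decrypt if they have disk access after our
	// process dies

	keyPath := filepath.ToSlash(keyFile)

	var script string
	if runtime.GOOS == "windows" {
		// %* is the batch-file expansion for "all arguments"; the previous
		// "%@" is not a batch construct, so the arguments never reached ssh.
		// Double quotes keep a key path with spaces in one piece. A '%' in
		// the path would still be expanded by cmd.exe.
		script = "@echo off\n" +
			"ssh -o ControlMaster=no -o ControlPath=none " + otherOpt + ` -i "` + keyPath + `" %*` + "\n"
	} else {
		// Single-quote the key path for /bin/sh: close the quote, emit an
		// escaped quote, reopen it for every ' in the path.
		quoted := []byte{'\''}
		for i := 0; i < len(keyPath); i++ {
			if keyPath[i] == '\'' {
				quoted = append(quoted, `'\''`...)
				continue
			}
			quoted = append(quoted, keyPath[i])
		}
		quoted = append(quoted, '\'')

		// The shebang has to be the first bytes of the file to be honoured;
		// the earlier template emitted a newline and a tab before it, so
		// running the script depended on the caller falling back to a shell.
		script = "#!/bin/sh\n" +
			"exec /usr/bin/ssh -o ControlMaster=no -o ControlPath=none " + otherOpt + " -i " + string(quoted) + ` "$@"` + "\n"
	}

	sshWrapperName, tempDir, err := internal.ScriptFile("go-vcs-gitcmd")
	if err != nil {
		return sshWrapperName, tempDir, err
	}

	// 0500: readable and executable by the owner only, never writable.
	err = internal.WriteFileWithPermissions(sshWrapperName, []byte(script), 0500)
	return sshWrapperName, tempDir, err
}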
Beispiel #2
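// makeGitPassHelper writes a GIT_ASKPASS helper that supplies password over stdout.
// You should remove the passHelper (and tempDir if any) after using it.
//
// The password itself is stored in a separate file named "password" (mode
// 0600) and the helper script (mode 0500) only prints that file, so the
// secret never appears in the script text. Both files stay on disk until the
// caller removes them.
//
// On any failure the paths obtained so far are still returned alongside the
// error, so the caller can clean up.
func makeGitPassHelper(pass string) (passHelper string, tempDir string, err error) {
	tmpFile, dir, err := internal.ScriptFile("go-vcs-gitcmd-ask")
	if err != nil {
		return tmpFile, dir, err
	}

	// NOTE(review): the doc comment says "tempDir if any". If ScriptFile can
	// return an empty dir, this path is relative and the password would be
	// written to the process working directory, outside the cleanup contract.
	// Confirm ScriptFile always returns a directory here.
	passPath := filepath.Join(dir, "password")
	err = internal.WriteFileWithPermissions(passPath, []byte(pass), 0600)
	if err != nil {
		return tmpFile, dir, err
	}

	var script string
	if runtime.GOOS == "windows" {
		// Quote the path so a temp directory containing spaces (common in
		// Windows profile paths) is still one argument to `type`. A '%' in
		// the path would still be expanded by cmd.exe.
		script = "@echo off\ntype \"" + passPath + "\"\n"
	} else {
		// The path is not user controlled, but it does depend on the temp
		// directory location, so escape embedded single quotes instead of
		// assuming there are none: ' becomes '\''.
		quoted := []byte{'\''}
		for i := 0; i < len(passPath); i++ {
			if passPath[i] == '\'' {
				quoted = append(quoted, `'\''`...)
				continue
			}
			quoted = append(quoted, passPath[i])
		}
		quoted = append(quoted, '\'')
		script = "#!/bin/sh\ncat " + string(quoted) + "\n"
	}

	// 0500: owner may read and execute the helper, nobody may modify it.
	err = internal.WriteFileWithPermissions(tmpFile, []byte(script), 0500)
	return tmpFile, dir, err
}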
Beispiel #3
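// makeGitPassHelper writes a GIT_ASKPASS helper that supplies password over stdout.
// You should remove the passHelper (and tempDir if any) after using it.
//
// The password is embedded in the text of the helper script, which is written
// with mode 0500; the secret therefore sits on disk until the caller removes
// the helper.
//
// On failure the paths obtained so far are still returned alongside the
// error, so the caller can clean up.
func makeGitPassHelper(pass string) (passHelper string, tempDir string, err error) {
	tmpFile, dir, err := internal.ScriptFile("go-vcs-gitcmd-ask")
	if err != nil {
		return tmpFile, dir, err
	}

	var script string
	if runtime.GOOS == "windows" {
		// NOTE(review): the password is still pasted into the batch file
		// unescaped. cmd.exe interprets characters such as & | < > ^ % in it,
		// and values like "off" change what `echo` does, so such passwords are
		// corrupted or run as commands. Prefer writing the secret to a
		// separate 0600 file and printing it with `type`.
		script = "@echo off\necho " + pass + "\n"
	} else {
		// The password is a caller-supplied secret, so it must not be able to
		// end the quoted string: every ' is emitted as '\''.
		quoted := []byte{'\''}
		for i := 0; i < len(pass); i++ {
			if pass[i] == '\'' {
				quoted = append(quoted, `'\''`...)
				continue
			}
			quoted = append(quoted, pass[i])
		}
		quoted = append(quoted, '\'')

		// printf '%s\n' prints the argument literally; some /bin/sh `echo`
		// implementations interpret backslash sequences in it.
		script = "#!/bin/sh\nprintf '%s\\n' " + string(quoted) + "\n"
	}

	// 0500: owner may read and execute the helper, nobody may modify it.
	err = internal.WriteFileWithPermissions(tmpFile, []byte(script), 0500)
	return tmpFile, dir, err
}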
Beispiel #4
// TestServer starts a Server whose shell is a small script that echoes its
// arguments, connects to it with an SSH client authenticated by
// SamplePrivKey, runs a git-upload-pack command, and checks the command line
// the shell reported.
func TestServer(t *testing.T) {
	// Stand-in shells: each one only prints the arguments it was started
	// with, which lets the test observe how the server invokes the shell.
	const windowsShell = `@echo off
	set flag=%1
	set flag=%flag:"=%
	set args=%2
	set args=%args:"=%
	echo %flag% %args%
`
	const unixShell = `#!/bin/sh
echo $*
exit
`
	script := unixShell
	if runtime.GOOS == "windows" {
		script = windowsShell
	}

	shellPath, scratchDir, err := internal.ScriptFile("govcs-ssh-shell")
	if err != nil {
		t.Fatal(err)
	}
	// Clean up the script, and its directory when ScriptFile reported one.
	defer os.Remove(shellPath)
	if scratchDir != "" {
		defer os.RemoveAll(scratchDir)
	}

	if err := internal.WriteFileWithPermissions(shellPath, []byte(script), 0700); err != nil {
		t.Fatal(err)
	}

	srv, err := NewServer(shellPath, os.TempDir(), PrivateKey(SamplePrivKey))
	if err != nil {
		t.Fatal(err)
	}
	if err := srv.Start(); err != nil {
		t.Fatal(err)
	}

	// Client side: authenticate with the same sample key the server holds.
	auth, err := clientAuth(SamplePrivKey)
	if err != nil {
		t.Fatal(err)
	}
	// NOTE(review): no host-key verification is configured on this client
	// config. That is tolerable only because the peer is the in-process test
	// server; if `ssh` is golang.org/x/crypto/ssh, recent releases refuse to
	// dial without a HostKeyCallback. Confirm against the pinned version.
	clientConf := ssh.ClientConfig{User: "******"}
	clientConf.Auth = append(clientConf.Auth, auth)

	addr := srv.l.Addr()
	client, err := ssh.Dial(addr.Network(), addr.String(), &clientConf)
	if err != nil {
		t.Fatal(err)
	}
	defer client.Close()

	sess, err := client.NewSession()
	if err != nil {
		t.Fatal(err)
	}
	defer sess.Close()

	output, err := sess.CombinedOutput("git-upload-pack 'foo'")
	if err != nil {
		t.Fatal(err)
	}

	// The echo shell prints its arguments, so the expected output is the
	// "-c <command>" invocation.
	const want = "-c git-upload-pack 'foo'"
	if got := strings.TrimSpace(string(output)); got != want {
		t.Errorf("got ssh session output %q, want %q", got, want)
	}
}