// Makes system-dependent SSH wrapper func gitSSHWrapper(keyFile string, otherOpt string) (sshWrapperFile string, tempDir string, err error) { // TODO(sqs): encrypt and store the key in the env so that // attackers can't decrypt if they have disk access after our // process dies var script string if runtime.GOOS == "windows" { script = ` @echo off ssh -o ControlMaster=no -o ControlPath=none ` + otherOpt + ` -i ` + filepath.ToSlash(keyFile) + ` "%@" ` } else { script = ` #!/bin/sh exec /usr/bin/ssh -o ControlMaster=no -o ControlPath=none ` + otherOpt + ` -i ` + filepath.ToSlash(keyFile) + ` "$@" ` } sshWrapperName, tempDir, err := internal.ScriptFile("go-vcs-gitcmd") if err != nil { return sshWrapperName, tempDir, err } err = internal.WriteFileWithPermissions(sshWrapperName, []byte(script), 0500) return sshWrapperName, tempDir, err }
// makeGitPassHelper writes a GIT_ASKPASS helper that supplies password over stdout. // You should remove the passHelper (and tempDir if any) after using it. func makeGitPassHelper(pass string) (passHelper string, tempDir string, err error) { tmpFile, dir, err := internal.ScriptFile("go-vcs-gitcmd-ask") if err != nil { return tmpFile, dir, err } passPath := filepath.Join(dir, "password") err = internal.WriteFileWithPermissions(passPath, []byte(pass), 0600) if err != nil { return tmpFile, dir, err } var script string // We assume passPath can be escaped with a simple wrapping of single // quotes. The path is not user controlled so this assumption should // not be violated. if runtime.GOOS == "windows" { script = "@echo off\ntype " + passPath + "\n" } else { script = "#!/bin/sh\ncat '" + passPath + "'\n" } err = internal.WriteFileWithPermissions(tmpFile, []byte(script), 0500) return tmpFile, dir, err }
// makeGitPassHelper writes a GIT_ASKPASS helper that supplies password over stdout. // You should remove the passHelper (and tempDir if any) after using it. func makeGitPassHelper(pass string) (passHelper string, tempDir string, err error) { tmpFile, dir, err := internal.ScriptFile("go-vcs-gitcmd-ask") if err != nil { return tmpFile, dir, err } var script string if runtime.GOOS == "windows" { script = "@echo off\necho " + pass + "\n" } else { script = "#!/bin/sh\necho '" + pass + "'\n" } err = internal.WriteFileWithPermissions(tmpFile, []byte(script), 0500) return tmpFile, dir, err }
func TestServer(t *testing.T) { var shellScript string if runtime.GOOS == "windows" { shellScript = `@echo off set flag=%1 set flag=%flag:"=% set args=%2 set args=%args:"=% echo %flag% %args% ` } else { shellScript = `#!/bin/sh echo $* exit ` } shell, dir, err := internal.ScriptFile("govcs-ssh-shell") if err != nil { t.Fatal(err) } defer os.Remove(shell) if dir != "" { defer os.RemoveAll(dir) } err = internal.WriteFileWithPermissions(shell, []byte(shellScript), 0700) if err != nil { t.Fatal(err) } s, err := NewServer(shell, os.TempDir(), PrivateKey(SamplePrivKey)) if err != nil { t.Fatal(err) } if err := s.Start(); err != nil { t.Fatal(err) } // Client cauth, err := clientAuth(SamplePrivKey) if err != nil { t.Fatal(err) } cconf := ssh.ClientConfig{User: "******"} cconf.Auth = append(cconf.Auth, cauth) sshc, err := ssh.Dial(s.l.Addr().Network(), s.l.Addr().String(), &cconf) if err != nil { t.Fatal(err) } defer sshc.Close() session, err := sshc.NewSession() if err != nil { t.Fatal(err) } defer session.Close() out, err := session.CombinedOutput("git-upload-pack 'foo'") if err != nil { t.Fatal(err) } if got, want := strings.TrimSpace(string(out)), "-c git-upload-pack 'foo'"; got != want { t.Errorf("got ssh session output %q, want %q", got, want) } }