add beginings of ssh support

dhubler · dhubler · commit 017579f00c61 · 2017-10-02T16:56:42.000-04:00
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
@@ -1,26 +1,3 @@
-
-# Gopkg.toml example
-#
-# Refer to https://github.com/golang/dep/blob/master/docs/Gopkg.toml.md
-# for detailed Gopkg.toml documentation.
-#
-# required = ["github.com/user/thing/cmd/thing"]
-# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"]
-#
-# [[constraint]]
-#   name = "github.com/user/project"
-#   version = "1.0.0"
-#
-# [[constraint]]
-#   name = "github.com/user/project2"
-#   branch = "dev"
-#   source = "github.com/myfork/project2"
-#
-# [[override]]
-#  name = "github.com/x/y"
-#  version = "2.4.0"
-
-
 [[constraint]]
   branch = "master"
   name = "github.com/c2stack/c2g"
@@ -36,3 +13,11 @@
 [[constraint]]
   branch = "master"
   name = "github.com/mattn/anko"
+
+[[constraint]]
+  branch = "master"
+  name = "golang.org/x/crypto"
+
+[[constraint]]
+  branch = "master"
+  name = "golang.org/x/sys"
diff --git a/ssh/mgmt.go b/ssh/mgmt.go
@@ -0,0 +1,19 @@
+package ssh
+
+import (
+	"github.com/c2stack/c2g/node"
+	"github.com/c2stack/c2g/nodes"
+)
+
+func Manage(s *Service) node.Node {
+	o := s.Options()
+	return &nodes.Extend{
+		Base: nodes.ReflectChild(&o),
+		OnEndEdit: func(p node.Node, r node.NodeRequest) error {
+			if err := p.EndEdit(r); err != nil {
+				return err
+			}
+			return s.Apply(o)
+		},
+	}
+}
diff --git a/ssh/mgmt_test.go b/ssh/mgmt_test.go
@@ -0,0 +1,25 @@
+package ssh
+
+import (
+	"testing"
+
+	"github.com/c2stack/c2g/nodes"
+
+	"github.com/c2stack/c2g/meta"
+	"github.com/c2stack/c2g/meta/yang"
+	"github.com/c2stack/c2g/node"
+)
+
+func TestManage(t *testing.T) {
+	s := NewService()
+	model := yang.RequireModule(&meta.FileStreamSource{Root: "../yang"}, "ssh")
+	b := node.NewBrowser(model, Manage(s))
+	config := `{
+		"address" : "127.0.0.1:2202",
+		"hostKeyFiles" : ["testdata/server_key_rsa"],
+		"authorizedKeysFile" : "testdata/authorized_keys"
+	}`
+	if err := b.Root().InsertFrom(nodes.ReadJSON(config)).LastErr; err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/ssh/service.go b/ssh/service.go
@@ -0,0 +1,129 @@
+package ssh
+
+import (
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net"
+
+	"github.com/c2stack/c2g/c2"
+
+	gssh "golang.org/x/crypto/ssh"
+	"golang.org/x/crypto/ssh/terminal"
+)
+
+type Service struct {
+	config         *gssh.ServerConfig
+	authorizedKeys map[string]struct{}
+	stop           func()
+	options        Options
+}
+
+type Options struct {
+	Address            string
+	HostKeyFiles       []string
+	AuthorizedKeysFile string
+}
+
+func NewService() *Service {
+	s := &Service{}
+	return s
+}
+
+func (self *Service) Options() Options {
+	return self.options
+}
+
+func (self *Service) Apply(options Options) error {
+	if self.stop != nil {
+		self.stop()
+	}
+	self.config = &gssh.ServerConfig{
+		PasswordCallback:  self.passwordAuth,
+		PublicKeyCallback: self.keyAuth,
+	}
+	for _, k := range options.HostKeyFiles {
+		privateBytes, err := ioutil.ReadFile(k)
+		if err != nil {
+			return c2.NewErr(fmt.Sprintf("Failed to load private key %s : %v", k, err))
+		}
+		private, err := gssh.ParsePrivateKey(privateBytes)
+		if err != nil {
+			return c2.NewErr(fmt.Sprintf("Failed to parse private key %s: %v", k, err))
+		}
+		self.config.AddHostKey(private)
+	}
+
+	authBytes, err := ioutil.ReadFile(options.AuthorizedKeysFile)
+	if err != nil {
+		return c2.NewErr(fmt.Sprintf("Failed to read authorized file %s : %v", options.AuthorizedKeysFile, err))
+	}
+	self.authorizedKeys = make(map[string]struct{})
+	for len(authBytes) > 0 {
+		pubKey, _, _, rest, err := gssh.ParseAuthorizedKey(authBytes)
+		if err != nil {
+			log.Fatal(err)
+		}
+		self.authorizedKeys[string(pubKey.Marshal())] = struct{}{}
+		authBytes = rest
+	}
+
+	self.options = options
+	go self.start()
+	return nil
+}
+
+func (self *Service) passwordAuth(c gssh.ConnMetadata, pass []byte) (*gssh.Permissions, error) {
+	return nil, nil
+}
+
+func (self *Service) keyAuth(c gssh.ConnMetadata, pubKey gssh.PublicKey) (*gssh.Permissions, error) {
+	return nil, nil
+}
+
+func (self *Service) start() error {
+	l, err := net.Listen("tcp", self.options.Address)
+	if err != nil {
+		return err
+	}
+
+	c, err := l.Accept()
+	if err != nil {
+		return err
+	}
+
+	_, chans, reqs, err := gssh.NewServerConn(c, self.config)
+	if err != nil {
+		return err
+	}
+
+	go gssh.DiscardRequests(reqs)
+
+	for newChannel := range chans {
+		fmt.Println("new channel")
+		if newChannel.ChannelType() != "session" {
+			newChannel.Reject(gssh.UnknownChannelType, "unknown channel type")
+		}
+		ch, req, err := newChannel.Accept()
+		if err != nil {
+			log.Fatalf("Could not accept channel: %v", err)
+		}
+		go func(in <-chan *gssh.Request) {
+			for req := range in {
+				req.Reply(req.Type == "shell", nil)
+			}
+		}(req)
+		term := terminal.NewTerminal(ch, "> ")
+		go func() {
+			defer ch.Close()
+			for {
+				line, err := term.ReadLine()
+				if err != nil {
+					break
+				}
+				fmt.Println(line)
+			}
+		}()
+	}
+	return nil
+}
diff --git a/ssh/service_test.go b/ssh/service_test.go
@@ -0,0 +1,16 @@
+package ssh
+
+import "testing"
+
+func TestService(t *testing.T) {
+	s := NewService()
+	o := s.Options()
+	o.Address = "0.0.0.0:2202"
+	o.HostKeyFiles = []string{
+		"testdata/server_key_rsa",
+	}
+	o.AuthorizedKeysFile = "testdata/authorized_keys"
+	if err := s.Apply(o); err != nil {
+		t.Fatal(err)
+	}
+}
diff --git a/ssh/testdata/ans/hosts b/ssh/testdata/ans/hosts
@@ -0,0 +1 @@
+localhost:2202
diff --git a/ssh/testdata/authorized_keys b/ssh/testdata/authorized_keys
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgP5udRUU8wLJjn92qBj6Vrja/GeolvyikOxQhCfBMwcnmua3Hc0CFatguEguFjdTlh/vJSLS6/gcg+GrDfXLealQhn0K+m3NugTVa8RlUUHx5gySO7vG8lcn/rkgWUZ1N/HVl1G1KknvZm+aRj83rQPjvCFzIvPrQ3uZM0spf+/g2FPt+KI7S1AdmSrPEI0/rj4wu5YrjnMUtStwLYB8iYA+QNT/UuuYIhW3Wl2kGt2K0T0HaYsi0hGVCe1+qrdoCHyDuSHFuRs9b68DOzMGPyREoyu5yCaxI+e2WN3DCeoZ5w3fMe/dGn/KhL45x2258TGnO2ITDNRTbV865DqUx dhubler@dhubler-mba.home
diff --git a/ssh/testdata/client_rsa b/ssh/testdata/client_rsa
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA4D+bnUVFPMCyY5/dqgY+la42vxnqJb8opDsUIQnwTMHJ5rmt
+x3NAhWrYLhILhY3U5Yf7yUi0uv4HIPhqw31y3mpUIZ9CvptzboE1WvEZVFB8eYMk
+ju7xvJXJ/65IFlGdTfx1ZdRtSpJ72ZvmkY/N60D47whcyLz60N7mTNLKX/v4NhT7
+fiiO0tQHZkqzxCNP64+MLuWK45zFLUrcC2AfImAPkDU/1LrmCIVt1pdpBrditE9B
+2mLItIRlQntfqq3aAh8g7khxbkbPW+vAzszBj8kRKMrucgmsSPntljdwwnqGecN3
+zHv3Rp/yoS+OcdtufExpztiEwzUU21fOuQ6lMQIDAQABAoIBAG5RvIuNVXeC0P/D
+2PfZJJbcYuB2rkMtnJ/W1JtAWXBZcatJM13IrDg2jO11QSfN06urz0mBtC+94uHs
+dBGCOK2En6j+wYYl0Y7Oj+ISdESPZ/0bcDPFBzWgdwSKx7n7IqkIBvU2oSGrmLRA
+RxjbJxGSICTv9z1mAvoYfjHTDW5UCkRLwvWrjcxHfmCSUpiJKbFJFMbaNftzoo67
++UwX6XfmM/xO41fNRkMzySbdukgItzZ7lrhtZrrzhealECduuMLn+mIDkXfysApw
+1pbYIm//DzGx6+tQ3PTWOTdzzd450nixw2djsrBIyLM72QkksUf8qsT0CTZPEyyR
+fGXgoOUCgYEA9Sncd6OEEMor6Ni8K1SU3eLLgVI/gKGVlppxiNwb5Tj8TtIr0SXT
+eWrIbUr5dtZhu5fLgyT1it45H47fkHf97a47Sp82E0ot3KU42akeRuvvFMLaY18N
+8F/3ogO63vtc0CTffCionrYLMw9Y/WbSzEPtIS4WwYYkVwCd9AFhj/cCgYEA6ikV
+SlDiSYTGjo6RS3jXJuygpP9jFvDsBLfIUyDmqZF6dnk8a02bmlDwtr51g2zGgUA9
+OfbcZzHdyTjEHYxHCBTnBtz+ypODWtUeY6DUDMM0Eu0vI5BWRiK1f0X/nKnf8JvL
+cGQ1N1vm6eQL8D8FN0zNgOk+mN/00e4YR40JehcCgYAU7wogPRodxOWS8E7A9Gvx
+tlfiJv+9IA8B2RYwtXq8S+1fXZrYNP6ls3SBwJEkkJGvzvpVrGY7AVanVy/Hyjco
+gGQXrxiS9RaNbJ46F7K6I5M6lpjHO2qZR9iBQQhH2fbG3x8mHuKnCqxSI9FZcdo2
+DubEmobe53Fa7HaQSz3laQKBgQDa809VDgyJcf23jteNGpETdG9B2QtuiBgo0TAf
+isQkCkPYQ8SbERZOVSC/v5diLHPwp4CYkpvEYnxfixTWDDTe+ayMXlhgU06fwGeK
+APhGdsBaci2Bs5T4P7w2Jd29P5qGASdZEFoySVzBltsS6dqWutntkCtYBxGEun05
+akdSQQKBgQCj6VKIVE9GgQhZBjOu5bPdk8tns5dcymr6eD3cJ5C70S8cTi4n0BCC
+f+4IIeVY/j+EzvvlvZT2LYgWBEDn2Ajt+SndrthWYJBxKxB5Mnt0P7ixAOmj4+kJ
+EXf0mCWstCVA+LOoMEAjEmIgvoFl1gqz9RGhOh+tb+PqlYvT3hwt6A==
+-----END RSA PRIVATE KEY-----
diff --git a/ssh/testdata/client_rsa.pub b/ssh/testdata/client_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgP5udRUU8wLJjn92qBj6Vrja/GeolvyikOxQhCfBMwcnmua3Hc0CFatguEguFjdTlh/vJSLS6/gcg+GrDfXLealQhn0K+m3NugTVa8RlUUHx5gySO7vG8lcn/rkgWUZ1N/HVl1G1KknvZm+aRj83rQPjvCFzIvPrQ3uZM0spf+/g2FPt+KI7S1AdmSrPEI0/rj4wu5YrjnMUtStwLYB8iYA+QNT/UuuYIhW3Wl2kGt2K0T0HaYsi0hGVCe1+qrdoCHyDuSHFuRs9b68DOzMGPyREoyu5yCaxI+e2WN3DCeoZ5w3fMe/dGn/KhL45x2258TGnO2ITDNRTbV865DqUx dhubler@dhubler-mba.home
diff --git a/ssh/testdata/server_key_rsa b/ssh/testdata/server_key_rsa
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAxNwQ6LH6Skt3wO4OoT7dyqmw/77FE3OdplF+etmgRMIJRoZF
+e7LKZ71e2mjJMLnv9qDG2dPJj/gzcwhxhrzu08/xeJNewJXpxgyUJ0+n+zOloRt2
+hz5WO6T4QIntLJaOpYcO7jpiegDj8nl1tIFidUUvELwU8w8tpKoHUsomq4LjSVkH
+Zm7dejh+mhfeJVxZcBKWI21gX/TvgH+j3i2X+Tr/am3G2zoSzTbkd/G6LhpmuAAT
+8KHIV99ovDghcH99vbbkh1DZsZXLWHVVGaY4M68r5fL9b0yEiocxjppk7ex8GvWz
+8Rp1Noo+PxZpTAnYV8NGz9tlUxxoPyb2siI/1wIDAQABAoIBADSX6riQXCMfOHZF
+44i2yACOB2i8KeDBgbveh+EAZW4ZPOsnkkazBJpkoIPPfPjUpESKvbWSfIZHNE+m
+UNZDgbb7FjM1hBoFszgjQi2ifWmCady5/pexUs6Ki3yKnN/NtXyJsbZ5yLd5p2yv
+gH/iFVDpU+KvrRUm1/XnKx+2PFCTpnjFfTkVs5qC3RotzxtQ4LBTS8t6gGlgKhDo
+ONfU/ArypEqd0OoaVkDOGx+QnsWtpUUsOGsWYQudDsAVw0dEECoDjQLRj3CiqR9G
+IoZwjSyWNLVM/Kzk2Yfw8vvvbwkS3/XsJQMav8iDwvJ4ltnH09WbL2KwIgBQb7H3
+rAKUmbECgYEA45PDU5o8EphgwxiGS+o1FSbIu6gNiLyzZvVZar+VO1NqlAgoCJjr
+Ul+/saBefSc863rA3Tfg+V/4vBuJsxCZ7CtF2bNEaPf3fjQ72+3JUCNYQGAk9JEn
+ft7tftxpY+PuU6rswD6lql1IjsznV85Jy6HbpAmiy3vuQm2LjyZ/0YkCgYEA3XIu
+qvkHFIK9lL6+khVBfzEISnfF9RYYjwjE6Lex2SWfEeY2E4e5hiVg6stbDzM4JbVw
+fiBcY57mtn6qUTwC/pmf6sJKUBaInzIgGBgBo+YBixqjEE/Fkdhr5+7ZGkv6msM6
+KtgUZb1/c9jjj31ypsQo+jmD3+mnpgZeepfODl8CgYEA3sAb2LHHiN/zHiLcGGQ2
+7uwWYG9+R8+Dvgv6KJ07IWVllV1iaf/bnbYweFkjA1crrsVpD16Jay1/1gcSQd3G
++z3j0dFA7YmAitvvlzXo7PKbh+9TXLrTMMBdL+XnlilcdjKAJy9qkhVaVsPC0NQO
+sS1NQgNYf9le/VAh4MzrIRkCgYAG5J7/Q3Es+kTcdHOKKI85XlVbvA61alKpYSR/
++ffXQoyJChl00iy8OD2kEWBsQLPmuJcf1fIKR8/2rkqu7KdLNYz8yb92br0h93V4
+SocCiw5RPisFPvZva8UwGwc3AlZyqtEMtF0uLY/iE0ZCGS2Qc1qzL0cjmSpWyKv4
+NPF9EQKBgEF0GfnsKBOgFllpDN1eSpki2mzE/g4IkqRZMcGepCvWzI+Vu/WWSFcm
+T1KzTto/BPsvjl4S/yNvhKw0GGRUYH29KkO97ffBUV564IrSJ2WLs8nJpUxdSAMG
+tm/DNg1bfOshhnqhoVtutZJI45FlsTU0kFVph3+E92Ru4lTIMQtN
+-----END RSA PRIVATE KEY-----
diff --git a/ssh/testdata/server_key_rsa.pub b/ssh/testdata/server_key_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDE3BDosfpKS3fA7g6hPt3KqbD/vsUTc52mUX562aBEwglGhkV7sspnvV7aaMkwue/2oMbZ08mP+DNzCHGGvO7Tz/F4k17AlenGDJQnT6f7M6WhG3aHPlY7pPhAie0slo6lhw7uOmJ6AOPyeXW0gWJ1RS8QvBTzDy2kqgdSyiarguNJWQdmbt16OH6aF94lXFlwEpYjbWBf9O+Af6PeLZf5Ov9qbcbbOhLNNuR38bouGma4ABPwochX32i8OCFwf329tuSHUNmxlctYdVUZpjgzryvl8v1vTISKhzGOmmTt7Hwa9bPxGnU2ij4/FmlMCdhXw0bP22VTHGg/JvayIj/X dhubler@dhubler-mba.home
diff --git a/yang/ssh.yang b/yang/ssh.yang
@@ -0,0 +1,20 @@
+module console {
+    prefix "";
+    namespace "";
+    revision 0;
+
+    leaf address {
+        description "bind IP and port to use for server. e.g. 0.0.0.0:2202";
+        type string;
+    }
+
+    leaf-list hostKeyFiles {
+        description "PEM encoded private keys to use for server";
+        type string;
+    }
+
+    leaf authorizedKeysFile {
+        description "plain test file listing public key of each allowed client. Same format as ~/.ssh/authorized_keys";
+        type string;
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDgP5udRUU8wLJjn92qBj6Vrja/GeolvyikOxQhCfBMwcnmua3Hc0CFatguEguFjdTlh/vJSLS6/gcg+GrDfXLealQhn0K+m3NugTVa8RlUUHx5gySO7vG8lcn/rkgWUZ1N/HVl1G1KknvZm+aRj83rQPjvCFzIvPrQ3uZM0spf+/g2FPt+KI7S1AdmSrPEI0/rj4wu5YrjnMUtStwLYB8iYA+QNT/UuuYIhW3Wl2kGt2K0T0HaYsi0hGVCe1+qrdoCHyDuSHFuRs9b68DOzMGPyREoyu5yCaxI+e2WN3DCeoZ5w3fMe/dGn/KhL45x2258TGnO2ITDNRTbV865DqUx [email protected]`