mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-11-04 00:11:04 +00:00
704da08fdc* Panic don't fatal on create new logger Fixes #5854 Signed-off-by: Andrew Thornton <art27@cantab.net> * partial broken * Update the logging infrastrcture Signed-off-by: Andrew Thornton <art27@cantab.net> * Reset the skip levels for Fatal and Error Signed-off-by: Andrew Thornton <art27@cantab.net> * broken ncsa * More log.Error fixes Signed-off-by: Andrew Thornton <art27@cantab.net> * Remove nal * set log-levels to lowercase * Make console_test test all levels * switch to lowercased levels * OK now working * Fix vetting issues * Fix lint * Fix tests * change default logging to match current gitea * Improve log testing Signed-off-by: Andrew Thornton <art27@cantab.net> * reset error skip levels to 0 * Update documentation and access logger configuration * Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE * Fix broken level caching * Refactor the router log * Add Router logger * Add colorizing options * Adjust router colors * Only create logger if they will be used * update app.ini.sample * rename Attribute ColorAttribute * Change from white to green for function * Set fatal/error levels * Restore initial trace logger * Fix Trace arguments in modules/auth/auth.go * Properly handle XORMLogger * Improve admin/config page * fix fmt * Add auto-compression of old logs * Update error log levels * Remove the unnecessary skip argument from Error, Fatal and Critical * Add stacktrace support * Fix tests * Remove x/sync from vendors? * Add stderr option to console logger * Use filepath.ToSlash to protect against Windows in tests * Remove prefixed underscores from names in colors.go * Remove not implemented database logger This was removed from Gogs on 4 Mar 2016 but left in the configuration since then. * Ensure that log paths are relative to ROOT_PATH * use path.Join * rename jsonConfig to logConfig * Rename "config" to "jsonConfig" to make it clearer * Requested changes * Requested changes: XormLogger * Try to color the windows terminal If successful default to colorizing the console logs * fixup * Colorize initially too * update vendor * Colorize logs on default and remove if this is not a colorizing logger * Fix documentation * fix test * Use go-isatty to detect if on windows we are on msys or cygwin * Fix spelling mistake * Add missing vendors * More changes * Rationalise the ANSI writer protection * Adjust colors on advice from @0x5c * Make Flags a comma separated list * Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING * Ensure matching is done on the non-colored message - to simpify EXPRESSION
238 lines
6.3 KiB
Go
238 lines
6.3 KiB
Go
// Copyright 2014 The Gogs Authors. All rights reserved.
|
|
// Copyright 2017 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package ssh
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/x509"
|
|
"encoding/pem"
|
|
"io"
|
|
"io/ioutil"
|
|
"net"
|
|
"os"
|
|
"os/exec"
|
|
"path/filepath"
|
|
"strings"
|
|
|
|
"github.com/Unknwon/com"
|
|
"golang.org/x/crypto/ssh"
|
|
|
|
"code.gitea.io/gitea/models"
|
|
"code.gitea.io/gitea/modules/log"
|
|
"code.gitea.io/gitea/modules/setting"
|
|
)
|
|
|
|
func cleanCommand(cmd string) string {
|
|
i := strings.Index(cmd, "git")
|
|
if i == -1 {
|
|
return cmd
|
|
}
|
|
return cmd[i:]
|
|
}
|
|
|
|
func handleServerConn(keyID string, chans <-chan ssh.NewChannel) {
|
|
for newChan := range chans {
|
|
if newChan.ChannelType() != "session" {
|
|
newChan.Reject(ssh.UnknownChannelType, "unknown channel type")
|
|
continue
|
|
}
|
|
|
|
ch, reqs, err := newChan.Accept()
|
|
if err != nil {
|
|
log.Error("Error accepting channel: %v", err)
|
|
continue
|
|
}
|
|
|
|
go func(in <-chan *ssh.Request) {
|
|
defer ch.Close()
|
|
for req := range in {
|
|
payload := cleanCommand(string(req.Payload))
|
|
switch req.Type {
|
|
case "env":
|
|
args := strings.Split(strings.Replace(payload, "\x00", "", -1), "\v")
|
|
if len(args) != 2 {
|
|
log.Warn("SSH: Invalid env arguments: '%#v'", args)
|
|
continue
|
|
}
|
|
args[0] = strings.TrimLeft(args[0], "\x04")
|
|
_, _, err := com.ExecCmdBytes("env", args[0]+"="+args[1])
|
|
if err != nil {
|
|
log.Error("env: %v", err)
|
|
return
|
|
}
|
|
case "exec":
|
|
cmdName := strings.TrimLeft(payload, "'()")
|
|
log.Trace("SSH: Payload: %v", cmdName)
|
|
|
|
args := []string{"serv", "key-" + keyID, "--config=" + setting.CustomConf}
|
|
log.Trace("SSH: Arguments: %v", args)
|
|
cmd := exec.Command(setting.AppPath, args...)
|
|
cmd.Env = append(
|
|
os.Environ(),
|
|
"SSH_ORIGINAL_COMMAND="+cmdName,
|
|
"SKIP_MINWINSVC=1",
|
|
)
|
|
|
|
stdout, err := cmd.StdoutPipe()
|
|
if err != nil {
|
|
log.Error("SSH: StdoutPipe: %v", err)
|
|
return
|
|
}
|
|
stderr, err := cmd.StderrPipe()
|
|
if err != nil {
|
|
log.Error("SSH: StderrPipe: %v", err)
|
|
return
|
|
}
|
|
input, err := cmd.StdinPipe()
|
|
if err != nil {
|
|
log.Error("SSH: StdinPipe: %v", err)
|
|
return
|
|
}
|
|
|
|
// FIXME: check timeout
|
|
if err = cmd.Start(); err != nil {
|
|
log.Error("SSH: Start: %v", err)
|
|
return
|
|
}
|
|
|
|
req.Reply(true, nil)
|
|
go io.Copy(input, ch)
|
|
io.Copy(ch, stdout)
|
|
io.Copy(ch.Stderr(), stderr)
|
|
|
|
if err = cmd.Wait(); err != nil {
|
|
log.Error("SSH: Wait: %v", err)
|
|
return
|
|
}
|
|
|
|
ch.SendRequest("exit-status", false, []byte{0, 0, 0, 0})
|
|
return
|
|
default:
|
|
}
|
|
}
|
|
}(reqs)
|
|
}
|
|
}
|
|
|
|
func listen(config *ssh.ServerConfig, host string, port int) {
|
|
listener, err := net.Listen("tcp", host+":"+com.ToStr(port))
|
|
if err != nil {
|
|
log.Fatal("Failed to start SSH server: %v", err)
|
|
}
|
|
for {
|
|
// Once a ServerConfig has been configured, connections can be accepted.
|
|
conn, err := listener.Accept()
|
|
if err != nil {
|
|
log.Error("SSH: Error accepting incoming connection: %v", err)
|
|
continue
|
|
}
|
|
|
|
// Before use, a handshake must be performed on the incoming net.Conn.
|
|
// It must be handled in a separate goroutine,
|
|
// otherwise one user could easily block entire loop.
|
|
// For example, user could be asked to trust server key fingerprint and hangs.
|
|
go func() {
|
|
log.Trace("SSH: Handshaking for %s", conn.RemoteAddr())
|
|
sConn, chans, reqs, err := ssh.NewServerConn(conn, config)
|
|
if err != nil {
|
|
if err == io.EOF {
|
|
log.Warn("SSH: Handshaking with %s was terminated: %v", conn.RemoteAddr(), err)
|
|
} else {
|
|
log.Error("SSH: Error on handshaking with %s: %v", conn.RemoteAddr(), err)
|
|
}
|
|
return
|
|
}
|
|
|
|
log.Trace("SSH: Connection from %s (%s)", sConn.RemoteAddr(), sConn.ClientVersion())
|
|
// The incoming Request channel must be serviced.
|
|
go ssh.DiscardRequests(reqs)
|
|
go handleServerConn(sConn.Permissions.Extensions["key-id"], chans)
|
|
}()
|
|
}
|
|
}
|
|
|
|
// Listen starts a SSH server listens on given port.
|
|
func Listen(host string, port int, ciphers []string, keyExchanges []string, macs []string) {
|
|
config := &ssh.ServerConfig{
|
|
Config: ssh.Config{
|
|
Ciphers: ciphers,
|
|
KeyExchanges: keyExchanges,
|
|
MACs: macs,
|
|
},
|
|
PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
|
|
pkey, err := models.SearchPublicKeyByContent(strings.TrimSpace(string(ssh.MarshalAuthorizedKey(key))))
|
|
if err != nil {
|
|
log.Error("SearchPublicKeyByContent: %v", err)
|
|
return nil, err
|
|
}
|
|
return &ssh.Permissions{Extensions: map[string]string{"key-id": com.ToStr(pkey.ID)}}, nil
|
|
},
|
|
}
|
|
|
|
keyPath := filepath.Join(setting.AppDataPath, "ssh/gogs.rsa")
|
|
if !com.IsExist(keyPath) {
|
|
filePath := filepath.Dir(keyPath)
|
|
|
|
if err := os.MkdirAll(filePath, os.ModePerm); err != nil {
|
|
log.Error("Failed to create dir %s: %v", filePath, err)
|
|
}
|
|
|
|
err := GenKeyPair(keyPath)
|
|
if err != nil {
|
|
log.Fatal("Failed to generate private key: %v", err)
|
|
}
|
|
log.Trace("SSH: New private key is generateed: %s", keyPath)
|
|
}
|
|
|
|
privateBytes, err := ioutil.ReadFile(keyPath)
|
|
if err != nil {
|
|
log.Fatal("SSH: Failed to load private key")
|
|
}
|
|
private, err := ssh.ParsePrivateKey(privateBytes)
|
|
if err != nil {
|
|
log.Fatal("SSH: Failed to parse private key")
|
|
}
|
|
config.AddHostKey(private)
|
|
|
|
go listen(config, host, port)
|
|
}
|
|
|
|
// GenKeyPair make a pair of public and private keys for SSH access.
|
|
// Public key is encoded in the format for inclusion in an OpenSSH authorized_keys file.
|
|
// Private Key generated is PEM encoded
|
|
func GenKeyPair(keyPath string) error {
|
|
privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
privateKeyPEM := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)}
|
|
f, err := os.OpenFile(keyPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer f.Close()
|
|
|
|
if err := pem.Encode(f, privateKeyPEM); err != nil {
|
|
return err
|
|
}
|
|
|
|
// generate public key
|
|
pub, err := ssh.NewPublicKey(&privateKey.PublicKey)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
public := ssh.MarshalAuthorizedKey(pub)
|
|
p, err := os.OpenFile(keyPath+".pub", os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer p.Close()
|
|
_, err = p.Write(public)
|
|
return err
|
|
}
|