Merge pull request #10 from connectedcars/agent-sock-path
Allow setting auth sock location
tlbdk authored Oct 18, 2022
2 parents 64ced2b + 33a4d6e commit 6d787c3
Showing 4 changed files with 34 additions and 30 deletions.
29 changes: 28 additions & 1 deletion cmd/authwrapper/main.go
@@ -2,11 +2,14 @@ package main

import (
"fmt"
"io/ioutil"
"log"
"math/rand"
"os"
"strings"
"time"

"github.com/connectedcars/auth-wrapper/sshagent"
"golang.org/x/crypto/ssh"
)

@@ -67,7 +70,21 @@ func main() {
}
}

exitCode, err := runCommandWithSSHAgent(agent, config.Command, config.Args)
var sshAuthSock string
if config.SSHAgentSocketPath != "" {
sshAuthSock = config.SSHAgentSocketPath
} else {
// Generate random filename
dir, err := ioutil.TempDir(os.TempDir(), "")
if err != nil {
log.Fatal(err)
}
sshAuthSock = dir + "/" + generateRandomString(8) + ".sock"
}

sshagent.StartSSHAgentServer(agent, sshAuthSock)

exitCode, err := runCommandWithSSHAgent(sshAuthSock, config.Command, config.Args)
if err != nil {
log.Fatalf("runCommandWithSSHAgent: %v", err)
}
@@ -77,3 +94,13 @@ func main() {
}
os.Exit(exitCode)
}

const letterBytes = "abcdefghijklmnopqrstuvwxyz"

func generateRandomString(n int) string {
b := make([]byte, n)
for i := range b {
b[i] = letterBytes[rand.Intn(len(letterBytes))]
}
return string(b)
}
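Review bot: In main(), the `SSH_AUTH_SOCK_PATH` branch hands a path taken from the environment straight to `sshagent.StartSSHAgentServer`, so the socket loses the protection the fallback branch gets from `ioutil.TempDir`, which creates a directory only the current user can access. Whoever can connect to the socket can ask the agent to sign with the loaded key, and a parent directory writable by other users may let them replace the socket, so I would check that directory before starting the server, as in the fence below (it needs `path/filepath` imported). The name from generateRandomString should not be counted on as a secret either: it is drawn from `math/rand` and no seeding is visible in this diff, so the privacy of the fallback socket comes from the temp directory alone, which a short comment could state. As a style point, `filepath.Join(dir, generateRandomString(8)+".sock")` reads better than joining with `"/"`. main() begins outside the hunks shown.

```go
	if config.SSHAgentSocketPath != "" {
		sshAuthSock = config.SSHAgentSocketPath
		// The socket gives access to the loaded key, so refuse a parent
		// directory in which other users could swap it out.
		parent := filepath.Dir(sshAuthSock)
		info, err := os.Stat(parent)
		if err != nil {
			log.Fatalf("agent socket directory: %v", err)
		}
		if m := info.Mode(); m.Perm()&0022 != 0 && m&os.ModeSticky == 0 {
			log.Fatalf("agent socket directory %q is writable by other users", parent)
		}
	} else {
		// … unchanged: temp-dir fallback …
	}
```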
3 changes: 3 additions & 0 deletions cmd/authwrapper/setup.go
@@ -30,6 +30,7 @@ type Config struct {
SSHCaAuthorizedKeysPath string
SSHSigningServerAddress string
SSHAgentSocket string
SSHAgentSocketPath string
AuthWrapperQuiet bool
}

@@ -55,6 +56,7 @@ func parseEnvironment() (*Config, error) {
SSHCaAuthorizedKeysPath: os.Getenv("SSH_CA_AUTHORIZED_KEYS_PATH"),
SSHSigningServerAddress: os.Getenv("SSH_SIGNING_SERVER_LISTEN_ADDRESS"),
SSHAgentSocket: os.Getenv("SSH_AUTH_SOCK"),
SSHAgentSocketPath: os.Getenv("SSH_AUTH_SOCK_PATH"),
AuthWrapperQuiet: isAuthWrapperQuiet,
}
os.Unsetenv("WRAP_COMMAND")
@@ -65,6 +67,7 @@ func parseEnvironment() (*Config, error) {
os.Unsetenv("SSH_CA_KEY_PASSWORD")
os.Unsetenv("SSH_SIGNING_SERVER_LISTEN_ADDRESS")
os.Unsetenv("SSH_AUTH_SOCK")
os.Unsetenv("SSH_AUTH_SOCK_PATH")
os.Unsetenv("AUTH_WRAPPER_QUIET")

if *principalsFlag != "" {
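Review bot: `SSHAgentSocket` and `SSHAgentSocketPath` now sit side by side in Config with nearly identical names, and nothing on the new field says how it differs from the one read from `SSH_AUTH_SOCK`. From main.go in this commit the new field is the location where the wrapper's own agent listens, so a field comment such as `// SSHAgentSocketPath is where the wrapper's agent socket is created (SSH_AUTH_SOCK_PATH); empty selects a fresh temp directory` would prevent mix-ups. parseEnvironment also looks like the right place to reject a value equal to `SSH_AUTH_SOCK`, since the server removes whatever exists at its listen path before binding; how `SSHAgentSocket` is consumed is not visible in this diff, so that is worth confirming. Both Config and parseEnvironment extend beyond the hunks shown.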
9 changes: 2 additions & 7 deletions cmd/authwrapper/utils.go
@@ -17,18 +17,13 @@ import (

"github.com/connectedcars/auth-wrapper/kms/google"
"github.com/connectedcars/auth-wrapper/server"
"github.com/connectedcars/auth-wrapper/sshagent"

"golang.org/x/crypto/ssh"
"golang.org/x/crypto/ssh/agent"
)

var httpClient = &http.Client{Timeout: 10 * time.Second}

func runCommandWithSSHAgent(agent agent.ExtendedAgent, command string, args []string) (exitCode int, err error) {
sshAuthSock, err := sshagent.StartSSHAgentServer(agent)
if err != nil {
return 255, fmt.Errorf("Failed to start ssh agent server: %v", err)
}
func runCommandWithSSHAgent(sshAuthSock string, command string, args []string) (exitCode int, err error) {

os.Setenv("SSH_AUTH_SOCK", sshAuthSock)

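Review bot: runCommandWithSSHAgent now depends on something it no longer does itself, namely that an agent is already serving on `sshAuthSock`, and neither the signature nor a comment says so. A doc comment would make the precondition explicit, e.g. `// runCommandWithSSHAgent runs command with SSH_AUTH_SOCK set to sshAuthSock; the caller must already have an agent listening there.` The blank line left directly after the signature can go, and the first two parameters can share a type as `sshAuthSock, command string`. The rest of the function is outside the hunk.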
23 changes: 1 addition & 22 deletions sshagent/sshagent.go
@@ -2,9 +2,7 @@ package sshagent

import (
"fmt"
"io/ioutil"
"log"
"math/rand"
"net"
"os"
"strings"
@@ -14,14 +12,7 @@ import (
)

// StartSSHAgentServer start an SSH Agent server and loads the given private key
func StartSSHAgentServer(sshAgent agent.Agent) (sshAuthSock string, error error) {
// Generate random filename
dir, err := ioutil.TempDir(os.TempDir(), "")
if err != nil {
log.Fatal(err)
}
sshAuthSock = dir + "/" + generateRandomString(8) + ".sock"

func StartSSHAgentServer(sshAgent agent.Agent, sshAuthSock string) {
go func() {
// Open SSH agent socket
if err := os.RemoveAll(sshAuthSock); err != nil {
@@ -42,8 +33,6 @@ func StartSSHAgentServer(sshAgent agent.Agent) (sshAuthSock string, error error)
go agent.ServeAgent(sshAgent, conn)
}
}()

return sshAuthSock, err
}

// ConnectSSHAgent connects to a SSH agent socket and returns a agent.ExtendedAgent
@@ -55,16 +44,6 @@ func ConnectSSHAgent(socket string) (agent.ExtendedAgent, error) {
return agent.NewClient(conn), nil
}

const letterBytes = "abcdefghijklmnopqrstuvwxyz"

func generateRandomString(n int) string {
b := make([]byte, n)
for i := range b {
b[i] = letterBytes[rand.Intn(len(letterBytes))]
}
return string(b)
}

// ParsePrivateSSHKey parses a private key
func ParsePrivateSSHKey(privateKeyBytes []byte, passphrase string) (interface{}, error) {
var err error
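Review bot: `os.RemoveAll(sshAuthSock)` inside StartSSHAgentServer now runs on a caller-supplied path, which main.go fills from `SSH_AUTH_SOCK_PATH`; before this commit the path was always a fresh name in a fresh temp directory, so the recursive delete could never hit anything real. If the variable points at an existing file or directory by mistake, it is deleted along with its contents, so I would remove only a stale socket: `if fi, err := os.Lstat(sshAuthSock); err == nil && fi.Mode()&os.ModeSocket == 0 { log.Fatalf("%s exists and is not a socket", sshAuthSock) }` followed by `os.Remove` in place of `os.RemoveAll`. With the return values gone, the caller also has no way to learn that listening failed or to wait until the socket exists before starting the command; listening synchronously, returning an error, and leaving only the accept loop in the goroutine would cover both. The goroutine body is only partly visible here, so how listen errors are handled today is not shown.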
