44"context"
55"crypto/rand"
66"crypto/rsa"
7+ "encoding/json"
78"errors"
89"fmt"
910"io"
@@ -12,10 +13,14 @@ import (
1213"os/exec"
1314"os/user"
1415"runtime"
16+ "strconv"
1517"strings"
1618"sync"
1719"time"
1820
21+ "github.com/google/uuid"
22+ "github.com/smallnest/ringbuffer"
23+
1924gsyslog"github.com/hashicorp/go-syslog"
2025"go.uber.org/atomic"
2126
@@ -33,6 +38,11 @@ import (
3338"golang.org/x/xerrors"
3439)
3540
41+ type Options struct {
42+ ReconnectingPTYTimeout time.Duration
43+ Logger slog.Logger
44+ }
45+
3646type Metadata struct {
3747OwnerEmail string `json:"owner_email"`
3848OwnerUsername string `json:"owner_username"`
@@ -42,13 +52,20 @@ type Metadata struct {
4252
4353type Dialer func (ctx context.Context ,logger slog.Logger ) (Metadata ,* peerbroker.Listener ,error )
4454
45- func New (dialer Dialer ,logger slog.Logger ) io.Closer {
55+ func New (dialer Dialer ,options * Options ) io.Closer {
56+ if options == nil {
57+ options = & Options {}
58+ }
59+ if options .ReconnectingPTYTimeout == 0 {
60+ options .ReconnectingPTYTimeout = 5 * time .Minute
61+ }
4662ctx ,cancelFunc := context .WithCancel (context .Background ())
4763server := & agent {
48- dialer :dialer ,
49- logger :logger ,
50- closeCancel :cancelFunc ,
51- closed :make (chan struct {}),
64+ dialer :dialer ,
65+ reconnectingPTYTimeout :options .ReconnectingPTYTimeout ,
66+ logger :options .Logger ,
67+ closeCancel :cancelFunc ,
68+ closed :make (chan struct {}),
5269}
5370server .init (ctx )
5471return server
@@ -58,6 +75,9 @@ type agent struct {
5875dialer Dialer
5976logger slog.Logger
6077
78+ reconnectingPTYs sync.Map
79+ reconnectingPTYTimeout time.Duration
80+
6181connCloseWait sync.WaitGroup
6282closeCancel context.CancelFunc
6383closeMutex sync.Mutex
@@ -196,6 +216,8 @@ func (a *agent) handlePeerConn(ctx context.Context, conn *peer.Conn) {
196216switch channel .Protocol () {
197217case "ssh" :
198218go a .sshServer .HandleConn (channel .NetConn ())
219+ case "reconnecting-pty" :
220+ go a .handleReconnectingPTY (ctx ,channel .Label (),channel .NetConn ())
199221default :
200222a .logger .Warn (ctx ,"unhandled protocol from channel" ,
201223slog .F ("protocol" ,channel .Protocol ()),
@@ -282,22 +304,25 @@ func (a *agent) init(ctx context.Context) {
282304go a .run (ctx )
283305}
284306
285- func (a * agent )handleSSHSession (session ssh.Session )error {
307+ // createCommand processes raw command input with OpenSSH-like behavior.
308+ // If the rawCommand provided is empty, it will default to the users shell.
309+ // This injects environment variables specified by the user at launch too.
310+ func (a * agent )createCommand (ctx context.Context ,rawCommand string ,env []string ) (* exec.Cmd ,error ) {
286311currentUser ,err := user .Current ()
287312if err != nil {
288- return xerrors .Errorf ("get current user: %w" ,err )
313+ return nil , xerrors .Errorf ("get current user: %w" ,err )
289314}
290315username := currentUser .Username
291316
292317shell ,err := usershell .Get (username )
293318if err != nil {
294- return xerrors .Errorf ("get user shell: %w" ,err )
319+ return nil , xerrors .Errorf ("get user shell: %w" ,err )
295320}
296321
297322// gliderlabs/ssh returns a command slice of zero
298323// when a shell is requested.
299- command := session . RawCommand ()
300- if len (session . Command () )== 0 {
324+ command := rawCommand
325+ if len (command )== 0 {
301326command = shell
302327}
303328
@@ -307,11 +332,11 @@ func (a *agent) handleSSHSession(session ssh.Session) error {
307332if runtime .GOOS == "windows" {
308333caller = "/c"
309334}
310- cmd := exec .CommandContext (session . Context () ,shell ,caller ,command )
311- cmd .Env = append (os .Environ (),session . Environ () ... )
335+ cmd := exec .CommandContext (ctx ,shell ,caller ,command )
336+ cmd .Env = append (os .Environ (),env ... )
312337executablePath ,err := os .Executable ()
313338if err != nil {
314- return xerrors .Errorf ("getting os executable: %w" ,err )
339+ return nil , xerrors .Errorf ("getting os executable: %w" ,err )
315340}
316341// Git on Windows resolves with UNIX-style paths.
317342// If using backslashes, it's unable to find the executable.
@@ -332,6 +357,14 @@ func (a *agent) handleSSHSession(session ssh.Session) error {
332357}
333358}
334359}
360+ return cmd ,nil
361+ }
362+
363+ func (a * agent )handleSSHSession (session ssh.Session )error {
364+ cmd ,err := a .createCommand (session .Context (),session .RawCommand (),session .Environ ())
365+ if err != nil {
366+ return err
367+ }
335368
336369sshPty ,windowSize ,isPty := session .Pty ()
337370if isPty {
@@ -381,6 +414,140 @@ func (a *agent) handleSSHSession(session ssh.Session) error {
381414return cmd .Wait ()
382415}
383416
417+ func (a * agent )handleReconnectingPTY (ctx context.Context ,rawID string ,conn net.Conn ) {
418+ defer conn .Close ()
419+
420+ idParts := strings .Split (rawID ,":" )
421+ if len (idParts )!= 3 {
422+ a .logger .Warn (ctx ,"client sent invalid id format" ,slog .F ("raw-id" ,rawID ))
423+ return
424+ }
425+ id := idParts [0 ]
426+ // Enforce a consistent format for IDs.
427+ _ ,err := uuid .Parse (id )
428+ if err != nil {
429+ a .logger .Warn (ctx ,"client sent reconnection token that isn't a uuid" ,slog .F ("id" ,id ),slog .Error (err ))
430+ return
431+ }
432+ height ,err := strconv .Atoi (idParts [1 ])
433+ if err != nil {
434+ a .logger .Warn (ctx ,"client sent invalid height" ,slog .F ("id" ,id ),slog .F ("height" ,idParts [1 ]))
435+ return
436+ }
437+ width ,err := strconv .Atoi (idParts [2 ])
438+ if err != nil {
439+ a .logger .Warn (ctx ,"client sent invalid width" ,slog .F ("id" ,id ),slog .F ("width" ,idParts [2 ]))
440+ return
441+ }
442+
443+ var rpty * reconnectingPTY
444+ rawRPTY ,ok := a .reconnectingPTYs .Load (id )
445+ if ok {
446+ rpty ,ok = rawRPTY .(* reconnectingPTY )
447+ if ! ok {
448+ a .logger .Warn (ctx ,"found invalid type in reconnecting pty map" ,slog .F ("id" ,id ))
449+ }
450+ }else {
451+ // Empty command will default to the users shell!
452+ cmd ,err := a .createCommand (ctx ,"" ,nil )
453+ if err != nil {
454+ a .logger .Warn (ctx ,"create reconnecting pty command" ,slog .Error (err ))
455+ return
456+ }
457+ ptty ,_ ,err := pty .Start (cmd )
458+ if err != nil {
459+ a .logger .Warn (ctx ,"start reconnecting pty command" ,slog .F ("id" ,id ))
460+ }
461+
462+ rpty = & reconnectingPTY {
463+ activeConns :make (map [string ]net.Conn ),
464+ ptty :ptty ,
465+ timeout :time .NewTimer (a .reconnectingPTYTimeout ),
466+ // Default to buffer 1MB.
467+ ringBuffer :ringbuffer .New (1 << 20 ),
468+ }
469+ a .reconnectingPTYs .Store (id ,rpty )
470+ go func () {
471+ // Close if the inactive timeout occurs, or the context ends.
472+ select {
473+ case <- rpty .timeout .C :
474+ a .logger .Info (ctx ,"killing reconnecting pty due to inactivity" ,slog .F ("id" ,id ))
475+ case <- ctx .Done ():
476+ }
477+ rpty .Close ()
478+ }()
479+ go func () {
480+ buffer := make ([]byte ,32 * 1024 )
481+ for {
482+ read ,err := rpty .ptty .Output ().Read (buffer )
483+ if err != nil {
484+ rpty .Close ()
485+ break
486+ }
487+ part := buffer [:read ]
488+ _ ,err = rpty .ringBuffer .Write (part )
489+ if err != nil {
490+ a .logger .Error (ctx ,"reconnecting pty write buffer" ,slog .Error (err ),slog .F ("id" ,id ))
491+ return
492+ }
493+ rpty .activeConnsMutex .Lock ()
494+ for _ ,conn := range rpty .activeConns {
495+ _ ,_ = conn .Write (part )
496+ }
497+ rpty .activeConnsMutex .Unlock ()
498+ }
499+ // If we break from the loop, the reconnecting PTY ended.
500+ a .reconnectingPTYs .Delete (id )
501+ }()
502+ }
503+ err = rpty .ptty .Resize (uint16 (height ),uint16 (width ))
504+ if err != nil {
505+ // We can continue after this, it's not fatal!
506+ a .logger .Error (ctx ,"resize reconnecting pty" ,slog .F ("id" ,id ),slog .Error (err ))
507+ }
508+
509+ _ ,err = conn .Write (rpty .ringBuffer .Bytes ())
510+ if err != nil {
511+ a .logger .Warn (ctx ,"write reconnecting pty buffer" ,slog .F ("id" ,id ),slog .Error (err ))
512+ return
513+ }
514+ connectionID := uuid .NewString ()
515+ rpty .activeConnsMutex .Lock ()
516+ rpty .activeConns [connectionID ]= conn
517+ rpty .activeConnsMutex .Unlock ()
518+ defer func () {
519+ rpty .activeConnsMutex .Lock ()
520+ delete (rpty .activeConns ,connectionID )
521+ rpty .activeConnsMutex .Unlock ()
522+ }()
523+ decoder := json .NewDecoder (conn )
524+ var req ReconnectingPTYRequest
525+ for {
526+ err = decoder .Decode (& req )
527+ if xerrors .Is (err ,io .EOF ) {
528+ return
529+ }
530+ if err != nil {
531+ a .logger .Warn (ctx ,"reconnecting pty buffer read error" ,slog .F ("id" ,id ),slog .Error (err ))
532+ return
533+ }
534+ _ ,err = rpty .ptty .Input ().Write ([]byte (req .Data ))
535+ if err != nil {
536+ a .logger .Warn (ctx ,"write to reconnecting pty" ,slog .F ("id" ,id ),slog .Error (err ))
537+ return
538+ }
539+ // Check if a resize needs to happen!
540+ if req .Height == 0 || req .Width == 0 {
541+ continue
542+ }
543+ err = rpty .ptty .Resize (req .Height ,req .Width )
544+ if err != nil {
545+ // We can continue after this, it's not fatal!
546+ a .logger .Error (ctx ,"resize reconnecting pty" ,slog .F ("id" ,id ),slog .Error (err ))
547+ }
548+ }
549+ }
550+
384551// isClosed returns whether the API is closed or not.
385552func (a * agent )isClosed ()bool {
386553select {
@@ -403,3 +570,22 @@ func (a *agent) Close() error {
403570a .connCloseWait .Wait ()
404571return nil
405572}
573+
574+ type reconnectingPTY struct {
575+ activeConnsMutex sync.Mutex
576+ activeConns map [string ]net.Conn
577+
578+ ringBuffer * ringbuffer.RingBuffer
579+ timeout * time.Timer
580+ ptty pty.PTY
581+ }
582+
583+ func (r * reconnectingPTY )Close () {
584+ r .activeConnsMutex .Lock ()
585+ defer r .activeConnsMutex .Unlock ()
586+ for _ ,conn := range r .activeConns {
587+ _ = conn .Close ()
588+ }
589+ _ = r .ptty .Close ()
590+ r .ringBuffer .Reset ()
591+ }