[pve-xtermjs.git] / termproxy / src / main.rs

use std::cmp::min;
use std::collections::HashMap;
use std::ffi::OsString;
use std::io::{ErrorKind, Write};
use std::os::fd::RawFd;
use std::os::unix::io::{AsRawFd, FromRawFd};
use std::os::unix::process::CommandExt;
use std::process::Command;
use std::time::{Duration, Instant};

use anyhow::{bail, format_err, Result};
use mio::net::{TcpListener, TcpStream};
use mio::unix::SourceFd;
use mio::{Events, Interest, Poll, Token};

use proxmox_io::ByteBuffer;
use proxmox_lang::error::io_err_other;
use proxmox_sys::linux::pty::{make_controlling_terminal, PTY};

const MSG_TYPE_DATA: u8 = 0;
const MSG_TYPE_RESIZE: u8 = 1;
//const MSG_TYPE_PING: u8 = 2;

fn remove_number(buf: &mut ByteBuffer) -> Option<usize> {
    loop {
        if let Some(pos) = &buf.iter().position(|&x| x == b':') {
            let data = buf.remove_data(*pos);
            buf.consume(1); // the ':'
            let len = match std::str::from_utf8(&data) {
                Ok(lenstring) => match lenstring.parse() {
                    Ok(len) => len,
                    Err(err) => {
                        eprintln!("error parsing number: '{}'", err);
                        break;
                    }
                },
                Err(err) => {
                    eprintln!("error parsing number: '{}'", err);
                    break;
                }
            };
            return Some(len);
        } else if buf.len() > 20 {
            buf.consume(20);
        } else {
            break;
        }
    }
    None
}

fn process_queue(buf: &mut ByteBuffer, pty: &mut PTY) -> Option<usize> {
    if buf.is_empty() {
        return None;
    }

    loop {
        if buf.len() < 2 {
            break;
        }

        let msgtype = buf[0] - b'0';

        if msgtype == MSG_TYPE_DATA {
            buf.consume(2);
            if let Some(len) = remove_number(buf) {
                return Some(len);
            }
        } else if msgtype == MSG_TYPE_RESIZE {
            buf.consume(2);
            if let Some(cols) = remove_number(buf) {
                if let Some(rows) = remove_number(buf) {
                    pty.set_size(cols as u16, rows as u16).ok()?;
                }
            }
        // ignore incomplete messages
        } else {
            buf.consume(1);
            // ignore invalid or ping (msgtype 2)
        }
    }

    None
}

type TicketResult = Result<(Box<[u8]>, Box<[u8]>)>;

/// Reads from the stream and returns the first line and the rest
fn read_ticket_line(
    stream: &mut TcpStream,
    buf: &mut ByteBuffer,
    timeout: Duration,
) -> TicketResult {
    let mut poll = Poll::new()?;
    poll.registry()
        .register(stream, Token(0), Interest::READABLE)?;
    let mut events = Events::with_capacity(1);

    let now = Instant::now();
    let mut elapsed = Duration::new(0, 0);

    loop {
        poll.poll(&mut events, Some(timeout - elapsed))?;
        if !events.is_empty() {
            match buf.read_from(stream) {
                Ok(n) => {
                    if n == 0 {
                        bail!("connection closed before authentication");
                    }
                }
                Err(err) if err.kind() == ErrorKind::WouldBlock => {}
                Err(err) => return Err(err.into()),
            }

            if buf[..].contains(&b'\n') {
                break;
            }

            if buf.is_full() {
                bail!("authentication data is incomplete: {:?}", &buf[..]);
            }
        }

        elapsed = now.elapsed();
        if elapsed > timeout {
            bail!("timed out");
        }
    }

    let newline_idx = &buf[..].iter().position(|&x| x == b'\n').unwrap();

    let line = buf.remove_data(*newline_idx);
    buf.consume(1); // discard newline

    match line.iter().position(|&b| b == b':') {
        Some(pos) => {
            let (username, ticket) = line.split_at(pos);
            Ok((username.into(), ticket[1..].into()))
        }
        None => bail!("authentication data is invalid"),
    }
}

fn authenticate(username: &[u8], ticket: &[u8], options: &Options, listen_port: u16) -> Result<()> {
    let mut post_fields: Vec<(&str, &str)> = Vec::with_capacity(5);
    post_fields.push(("username", std::str::from_utf8(username)?));
    post_fields.push(("password", std::str::from_utf8(ticket)?));
    post_fields.push(("path", &options.acl_path));
    if let Some(perm) = options.acl_permission.as_ref() {
        post_fields.push(("privs", perm));
    }

    // if the listen-port was passed indirectly via an FD, it's encoded also in the ticket so that
    // the access system can enforce that the users actually can access that port.
    let port_str;
    if options.listen_port.is_fd() {
        port_str = listen_port.to_string();
        post_fields.push(("port", &port_str));
    }

    let url = format!(
        "http://localhost:{}/api2/json/access/ticket",
        options.api_daemon_port
    );

    match ureq::post(&url).send_form(&post_fields[..]) {
        Ok(res) if res.status() == 200 => Ok(()),
        Ok(res) | Err(ureq::Error::Status(_, res)) => {
            let code = res.status();
            bail!("invalid authentication - {} {}", code, res.status_text())
        }
        Err(err) => bail!("authentication request failed - {}", err),
    }
}

fn listen_and_accept(
    hostname: &str,
    listen_port: &PortOrFd,
    timeout: Duration,
) -> Result<(TcpStream, u16)> {
    let listener = match listen_port {
        PortOrFd::Fd(fd) => unsafe { std::net::TcpListener::from_raw_fd(*fd) },
        PortOrFd::Port(port) => std::net::TcpListener::bind((hostname, *port as u16))?,
    };
    let port = listener.local_addr()?.port();
    let mut listener = TcpListener::from_std(listener);
    let mut poll = Poll::new()?;

    poll.registry()
        .register(&mut listener, Token(0), Interest::READABLE)?;

    let mut events = Events::with_capacity(1);

    let now = Instant::now();
    let mut elapsed = Duration::new(0, 0);

    loop {
        poll.poll(&mut events, Some(timeout - elapsed))?;
        if !events.is_empty() {
            let (stream, client) = listener.accept()?;
            println!("client connection: {client:?}");
            return Ok((stream, port));
        }

        elapsed = now.elapsed();
        if elapsed > timeout {
            bail!("timed out");
        }
    }
}

fn run_pty<'a>(mut full_cmd: impl Iterator<Item = &'a OsString>) -> Result<PTY> {
    let cmd_exe = full_cmd.next().unwrap();
    let params = full_cmd; // rest

    let (mut pty, secondary_name) = PTY::new().map_err(io_err_other)?;

    let mut filtered_env: HashMap<OsString, OsString> = std::env::vars_os()
        .filter(|&(ref k, _)| {
            k == "PATH"
                || k == "USER"
                || k == "HOME"
                || k == "LANG"
                || k == "LANGUAGE"
                || k.to_string_lossy().starts_with("LC_")
        })
        .collect();
    filtered_env.insert("TERM".into(), "xterm-256color".into());

    let mut command = Command::new(cmd_exe);

    command.args(params).env_clear().envs(&filtered_env);

    unsafe {
        command.pre_exec(move || {
            make_controlling_terminal(&secondary_name).map_err(io_err_other)?;
            Ok(())
        });
    }

    command.spawn()?;

    pty.set_size(80, 20)?;
    Ok(pty)
}

const TCP: Token = Token(0);
const PTY: Token = Token(1);

const CMD_HELP: &str = "\
Usage: proxmox-termproxy [OPTIONS] --path <path> <listen-port> -- <terminal-cmd>...

Arguments:
  <listen-port>           Port or file descriptor to listen for TCP connections
  <terminal-cmd>...       The command to run connected via a proxied PTY

Options:
      --authport <authport>       Port to relay auth-request, default 85
      --port-as-fd                Use <listen-port> as file descriptor.
      --path <path>               ACL object path to test <perm> on.
      --perm <perm>               Permission to test.
      -h, --help                  Print help
";

#[derive(Debug)]
enum PortOrFd {
    Port(u16),
    Fd(RawFd),
}

impl PortOrFd {
    fn from_cli(value: u64, use_as_fd: bool) -> Result<PortOrFd> {
        if use_as_fd {
            if value > RawFd::MAX as u64 {
                bail!("FD value too big");
            }
            Ok(Self::Fd(value as RawFd))
        } else {
            if value > u16::MAX as u64 {
                bail!("invalid port number");
            }
            Ok(Self::Port(value as u16))
        }
    }

    fn is_fd(&self) -> bool {
        match self {
            Self::Fd(_) => true,
            _ => false,
        }
    }
}

#[derive(Debug)]
struct Options {
    /// The actual command to run proxied in a pseudo terminal.
    terminal_command: Vec<OsString>,
    /// The port or FD that termproxy will listen on for an incoming conection
    listen_port: PortOrFd,
    /// The port of the local privileged daemon that authentication is relayed to. Defaults to `85`
    api_daemon_port: u16,
    /// The ACL object path the 'acl_permission' is checked on
    acl_path: String,
    /// The ACL permission that the ticket, read from the stream, is required to have on 'acl_path'
    acl_permission: Option<String>,
}

fn parse_args() -> Result<Options> {
    let mut args: Vec<_> = std::env::args_os().collect();
    args.remove(0); // remove the executable path.

    // handle finding command after `--` first so that we only parse our options later
    let terminal_command = if let Some(dash_dash) = args.iter().position(|arg| arg == "--") {
        let later_args = args.drain(dash_dash + 1..).collect();
        args.pop(); // .. then remove the `--`
        Some(later_args)
    } else {
        None
    };

    // Now pass the remaining arguments through to `pico_args`.
    let mut args = pico_args::Arguments::from_vec(args);

    if args.contains(["-h", "--help"]) {
        print!("{CMD_HELP}");
        std::process::exit(0);
    } else if terminal_command.is_none() {
        bail!("missing terminal command or -- option-end marker, see '-h' for usage");
    }

    let options = Options {
        terminal_command: terminal_command.unwrap(), // checked above
        listen_port: PortOrFd::from_cli(args.free_from_str()?, args.contains("--port-as-fd"))?,
        api_daemon_port: args.opt_value_from_str("--authport")?.unwrap_or(85),
        acl_path: args.value_from_str("--path")?,
        acl_permission: args.opt_value_from_str("--perm")?,
    };

    if !args.finish().is_empty() {
        bail!("unexpected extra arguments, use '-h' for usage");
    }

    Ok(options)
}

fn do_main() -> Result<()> {
    let options = parse_args()?;

    let (mut tcp_handle, listen_port) =
        listen_and_accept("localhost", &options.listen_port, Duration::new(10, 0))
            .map_err(|err| format_err!("failed waiting for client: {}", err))?;

    let mut pty_buf = ByteBuffer::new();
    let mut tcp_buf = ByteBuffer::new();

    let (username, ticket) = read_ticket_line(&mut tcp_handle, &mut pty_buf, Duration::new(10, 0))
        .map_err(|err| format_err!("failed reading ticket: {}", err))?;

    authenticate(&username, &ticket, &options, listen_port)?;

    tcp_handle.write_all(b"OK").expect("error writing response");

    let mut poll = Poll::new()?;
    let mut events = Events::with_capacity(128);

    let mut pty = run_pty(options.terminal_command.iter())?;

    poll.registry().register(
        &mut tcp_handle,
        TCP,
        Interest::READABLE | Interest::WRITABLE,
    )?;
    poll.registry().register(
        &mut SourceFd(&pty.as_raw_fd()),
        PTY,
        Interest::READABLE | Interest::WRITABLE,
    )?;

    let mut tcp_writable = true;
    let mut pty_writable = true;
    let mut tcp_readable = true;
    let mut pty_readable = true;
    let mut remaining = 0;
    let mut finished = false;

    while !finished {
        if tcp_readable && !pty_buf.is_full() || pty_readable && !tcp_buf.is_full() {
            poll.poll(&mut events, Some(Duration::new(0, 0)))?;
        } else {
            poll.poll(&mut events, None)?;
        }

        for event in &events {
            let writable = event.is_writable();
            let readable = event.is_readable();
            if event.is_read_closed() {
                finished = true;
            }
            match event.token() {
                TCP => {
                    if readable {
                        tcp_readable = true;
                    }
                    if writable {
                        tcp_writable = true;
                    }
                }
                PTY => {
                    if readable {
                        pty_readable = true;
                    }
                    if writable {
                        pty_writable = true;
                    }
                }
                _ => unreachable!(),
            }
        }

        while tcp_readable && !pty_buf.is_full() {
            let bytes = match pty_buf.read_from(&mut tcp_handle) {
                Ok(bytes) => bytes,
                Err(err) if err.kind() == ErrorKind::WouldBlock => {
                    tcp_readable = false;
                    break;
                }
                Err(err) => {
                    if !finished {
                        return Err(format_err!("error reading from tcp: {}", err));
                    }
                    break;
                }
            };
            if bytes == 0 {
                finished = true;
                break;
            }
        }

        while pty_readable && !tcp_buf.is_full() {
            let bytes = match tcp_buf.read_from(&mut pty) {
                Ok(bytes) => bytes,
                Err(err) if err.kind() == ErrorKind::WouldBlock => {
                    pty_readable = false;
                    break;
                }
                Err(err) => {
                    if !finished {
                        return Err(format_err!("error reading from pty: {}", err));
                    }
                    break;
                }
            };
            if bytes == 0 {
                finished = true;
                break;
            }
        }

        while !tcp_buf.is_empty() && tcp_writable {
            let bytes = match tcp_handle.write(&tcp_buf[..]) {
                Ok(bytes) => bytes,
                Err(err) if err.kind() == ErrorKind::WouldBlock => {
                    tcp_writable = false;
                    break;
                }
                Err(err) => {
                    if !finished {
                        return Err(format_err!("error writing to tcp : {}", err));
                    }
                    break;
                }
            };
            tcp_buf.consume(bytes);
        }

        while !pty_buf.is_empty() && pty_writable {
            if remaining == 0 {
                remaining = match process_queue(&mut pty_buf, &mut pty) {
                    Some(val) => val,
                    None => break,
                };
            }
            let len = min(remaining, pty_buf.len());
            let bytes = match pty.write(&pty_buf[..len]) {
                Ok(bytes) => bytes,
                Err(err) if err.kind() == ErrorKind::WouldBlock => {
                    pty_writable = false;
                    break;
                }
                Err(err) => {
                    if !finished {
                        return Err(format_err!("error writing to pty : {}", err));
                    }
                    break;
                }
            };
            remaining -= bytes;
            pty_buf.consume(bytes);
        }
    }

    Ok(())
}

fn main() {
    std::process::exit(match do_main() {
        Ok(_) => 0,
        Err(err) => {
            eprintln!("{}", err);
            1
        }
    });
}
Commit	Line	Data
3e4311fe DC	1	use std::cmp::min;
3e4311fe DC	2	use std::collections::HashMap;
13e2e502	3	use std::ffi::OsString;
cfa75e79	4	use std::io::{ErrorKind, Write};
24d707d0	5	use std::os::fd::RawFd;
3e4311fe DC	6	use std::os::unix::io::{AsRawFd, FromRawFd};
	7	use std::os::unix::process::CommandExt;
	8	use std::process::Command;
	9	use std::time::{Duration, Instant};
	10
cfa75e79	11	use anyhow::{bail, format_err, Result};
c2d63828	12	use mio::net::{TcpListener, TcpStream};
c2d63828	13	use mio::unix::SourceFd;
3c586bd8	14	use mio::{Events, Interest, Poll, Token};
3e4311fe	15
cc1dbda3	16	use proxmox_io::ByteBuffer;
27f74629	17	use proxmox_lang::error::io_err_other;
8c6783e9	18	use proxmox_sys::linux::pty::{make_controlling_terminal, PTY};
3e4311fe DC	19
	20	const MSG_TYPE_DATA: u8 = 0;
	21	const MSG_TYPE_RESIZE: u8 = 1;
	22	//const MSG_TYPE_PING: u8 = 2;
	23
	24	fn remove_number(buf: &mut ByteBuffer) -> Option<usize> {
	25	loop {
	26	if let Some(pos) = &buf.iter().position(\|&x\| x == b':') {
	27	let data = buf.remove_data(*pos);
	28	buf.consume(1); // the ':'
	29	let len = match std::str::from_utf8(&data) {
	30	Ok(lenstring) => match lenstring.parse() {
	31	Ok(len) => len,
	32	Err(err) => {
	33	eprintln!("error parsing number: '{}'", err);
	34	break;
	35	}
	36	},
	37	Err(err) => {
	38	eprintln!("error parsing number: '{}'", err);
	39	break;
	40	}
	41	};
	42	return Some(len);
	43	} else if buf.len() > 20 {
	44	buf.consume(20);
	45	} else {
	46	break;
	47	}
	48	}
	49	None
	50	}
	51
	52	fn process_queue(buf: &mut ByteBuffer, pty: &mut PTY) -> Option<usize> {
	53	if buf.is_empty() {
	54	return None;
	55	}
	56
	57	loop {
	58	if buf.len() < 2 {
	59	break;
	60	}
	61
	62	let msgtype = buf[0] - b'0';
	63
	64	if msgtype == MSG_TYPE_DATA {
	65	buf.consume(2);
	66	if let Some(len) = remove_number(buf) {
	67	return Some(len);
	68	}
	69	} else if msgtype == MSG_TYPE_RESIZE {
	70	buf.consume(2);
	71	if let Some(cols) = remove_number(buf) {
	72	if let Some(rows) = remove_number(buf) {
	73	pty.set_size(cols as u16, rows as u16).ok()?;
	74	}
	75	}
	76	// ignore incomplete messages
	77	} else {
	78	buf.consume(1);
	79	// ignore invalid or ping (msgtype 2)
	80	}
	81	}
	82
83	None
84	}
85
86	type TicketResult = Result<(Box<[u8]>, Box<[u8]>)>;
87
88	/// Reads from the stream and returns the first line and the rest
89	fn read_ticket_line(
90	stream: &mut TcpStream,
91	buf: &mut ByteBuffer,
92	timeout: Duration,
93	) -> TicketResult {
7739b7e8	94	let mut poll = Poll::new()?;
3c586bd8 FG	95	poll.registry()
3c586bd8 FG	96	.register(stream, Token(0), Interest::READABLE)?;
7739b7e8	97	let mut events = Events::with_capacity(1);
41f32a28 FG	98
	99	let now = Instant::now();
	100	let mut elapsed = Duration::new(0, 0);
7739b7e8 DC	101
7739b7e8 DC	102	loop {
41f32a28	103	poll.poll(&mut events, Some(timeout - elapsed))?;
7739b7e8 DC	104	if !events.is_empty() {
	105	match buf.read_from(stream) {
	106	Ok(n) => {
	107	if n == 0 {
cfa75e79	108	bail!("connection closed before authentication");
7739b7e8	109	}
3e4311fe	110	}
7739b7e8	111	Err(err) if err.kind() == ErrorKind::WouldBlock => {}
cfa75e79	112	Err(err) => return Err(err.into()),
7739b7e8 DC	113	}
	114
	115	if buf[..].contains(&b'\n') {
	116	break;
	117	}
	118
	119	if buf.is_full() {
cfa75e79	120	bail!("authentication data is incomplete: {:?}", &buf[..]);
3e4311fe	121	}
7739b7e8 DC	122	}
7739b7e8 DC	123
41f32a28 FG	124	elapsed = now.elapsed();
41f32a28 FG	125	if elapsed > timeout {
cfa75e79	126	bail!("timed out");
3e4311fe DC	127	}
	128	}
	129
3e4311fe DC	130	let newline_idx = &buf[..].iter().position(\|&x\| x == b'\n').unwrap();
	131
	132	let line = buf.remove_data(*newline_idx);
	133	buf.consume(1); // discard newline
	134
	135	match line.iter().position(\|&b\| b == b':') {
	136	Some(pos) => {
	137	let (username, ticket) = line.split_at(pos);
	138	Ok((username.into(), ticket[1..].into()))
	139	}
cfa75e79	140	None => bail!("authentication data is invalid"),
3e4311fe DC	141	}
	142	}
	143
24d707d0	144	fn authenticate(username: &[u8], ticket: &[u8], options: &Options, listen_port: u16) -> Result<()> {
81a288b9 TL	145	let mut post_fields: Vec<(&str, &str)> = Vec::with_capacity(5);
	146	post_fields.push(("username", std::str::from_utf8(username)?));
	147	post_fields.push(("password", std::str::from_utf8(ticket)?));
24d707d0 TL	148	post_fields.push(("path", &options.acl_path));
24d707d0 TL	149	if let Some(perm) = options.acl_permission.as_ref() {
81a288b9	150	post_fields.push(("privs", perm));
3e4311fe	151	}
24d707d0 TL	152
	153	// if the listen-port was passed indirectly via an FD, it's encoded also in the ticket so that
	154	// the access system can enforce that the users actually can access that port.
81a288b9	155	let port_str;
24d707d0 TL	156	if options.listen_port.is_fd() {
24d707d0 TL	157	port_str = listen_port.to_string();
81a288b9	158	post_fields.push(("port", &port_str));
3e4311fe DC	159	}
3e4311fe DC	160
24d707d0 TL	161	let url = format!(
	162	"http://localhost:{}/api2/json/access/ticket",
	163	options.api_daemon_port
	164	);
3e4311fe	165
81a288b9 TL	166	match ureq::post(&url).send_form(&post_fields[..]) {
	167	Ok(res) if res.status() == 200 => Ok(()),
	168	Ok(res) \| Err(ureq::Error::Status(_, res)) => {
	169	let code = res.status();
	170	bail!("invalid authentication - {} {}", code, res.status_text())
	171	}
	172	Err(err) => bail!("authentication request failed - {}", err),
3e4311fe	173	}
3e4311fe DC	174	}
	175
	176	fn listen_and_accept(
	177	hostname: &str,
24d707d0	178	listen_port: &PortOrFd,
3e4311fe DC	179	timeout: Duration,
3e4311fe DC	180	) -> Result<(TcpStream, u16)> {
24d707d0 TL	181	let listener = match listen_port {
	182	PortOrFd::Fd(fd) => unsafe { std::net::TcpListener::from_raw_fd(*fd) },
	183	PortOrFd::Port(port) => std::net::TcpListener::bind((hostname, *port as u16))?,
3e4311fe DC	184	};
3e4311fe DC	185	let port = listener.local_addr()?.port();
c2d63828 DC	186	let mut listener = TcpListener::from_std(listener);
c2d63828 DC	187	let mut poll = Poll::new()?;
3e4311fe	188
3c586bd8 FG	189	poll.registry()
3c586bd8 FG	190	.register(&mut listener, Token(0), Interest::READABLE)?;
3e4311fe DC	191
	192	let mut events = Events::with_capacity(1);
	193
41f32a28 FG	194	let now = Instant::now();
	195	let mut elapsed = Duration::new(0, 0);
	196
3e4311fe	197	loop {
41f32a28	198	poll.poll(&mut events, Some(timeout - elapsed))?;
3e4311fe	199	if !events.is_empty() {
c2d63828	200	let (stream, client) = listener.accept()?;
24d707d0	201	println!("client connection: {client:?}");
3e4311fe DC	202	return Ok((stream, port));
3e4311fe DC	203	}
41f32a28 FG	204
	205	elapsed = now.elapsed();
	206	if elapsed > timeout {
cfa75e79	207	bail!("timed out");
3e4311fe DC	208	}
	209	}
	210	}
	211
13e2e502 TL	212	fn run_pty<'a>(mut full_cmd: impl Iterator<Item = &'a OsString>) -> Result<PTY> {
	213	let cmd_exe = full_cmd.next().unwrap();
	214	let params = full_cmd; // rest
	215
3e4311fe DC	216	let (mut pty, secondary_name) = PTY::new().map_err(io_err_other)?;
	217
	218	let mut filtered_env: HashMap<OsString, OsString> = std::env::vars_os()
	219	.filter(\|&(ref k, _)\| {
	220	k == "PATH"
	221	\|\| k == "USER"
	222	\|\| k == "HOME"
	223	\|\| k == "LANG"
	224	\|\| k == "LANGUAGE"
	225	\|\| k.to_string_lossy().starts_with("LC_")
	226	})
	227	.collect();
	228	filtered_env.insert("TERM".into(), "xterm-256color".into());
	229
13e2e502	230	let mut command = Command::new(cmd_exe);
3e4311fe DC	231
	232	command.args(params).env_clear().envs(&filtered_env);
	233
	234	unsafe {
	235	command.pre_exec(move \|\| {
	236	make_controlling_terminal(&secondary_name).map_err(io_err_other)?;
	237	Ok(())
	238	});
	239	}
	240
	241	command.spawn()?;
	242
27f74629	243	pty.set_size(80, 20)?;
3e4311fe DC	244	Ok(pty)
	245	}
	246
	247	const TCP: Token = Token(0);
	248	const PTY: Token = Token(1);
	249
24d707d0 TL	250	const CMD_HELP: &str = "\
	251	Usage: proxmox-termproxy [OPTIONS] --path <path> <listen-port> -- <terminal-cmd>...
	252
	253	Arguments:
	254	<listen-port> Port or file descriptor to listen for TCP connections
	255	<terminal-cmd>... The command to run connected via a proxied PTY
	256
	257	Options:
	258	--authport <authport> Port to relay auth-request, default 85
	259	--port-as-fd Use <listen-port> as file descriptor.
	260	--path <path> ACL object path to test <perm> on.
	261	--perm <perm> Permission to test.
	262	-h, --help Print help
	263	";
	264
	265	#[derive(Debug)]
	266	enum PortOrFd {
	267	Port(u16),
	268	Fd(RawFd),
	269	}
	270
	271	impl PortOrFd {
	272	fn from_cli(value: u64, use_as_fd: bool) -> Result<PortOrFd> {
	273	if use_as_fd {
	274	if value > RawFd::MAX as u64 {
	275	bail!("FD value too big");
	276	}
	277	Ok(Self::Fd(value as RawFd))
	278	} else {
	279	if value > u16::MAX as u64 {
	280	bail!("invalid port number");
	281	}
	282	Ok(Self::Port(value as u16))
	283	}
	284	}
	285
	286	fn is_fd(&self) -> bool {
	287	match self {
	288	Self::Fd(_) => true,
	289	_ => false,
	290	}
	291	}
	292	}
	293
	294	#[derive(Debug)]
	295	struct Options {
	296	/// The actual command to run proxied in a pseudo terminal.
	297	terminal_command: Vec<OsString>,
	298	/// The port or FD that termproxy will listen on for an incoming conection
	299	listen_port: PortOrFd,
	300	/// The port of the local privileged daemon that authentication is relayed to. Defaults to `85`
	301	api_daemon_port: u16,
	302	/// The ACL object path the 'acl_permission' is checked on
	303	acl_path: String,
	304	/// The ACL permission that the ticket, read from the stream, is required to have on 'acl_path'
	305	acl_permission: Option<String>,
	306	}
	307
	308	fn parse_args() -> Result<Options> {
	309	let mut args: Vec<_> = std::env::args_os().collect();
	310	args.remove(0); // remove the executable path.
	311
	312	// handle finding command after `--` first so that we only parse our options later
	313	let terminal_command = if let Some(dash_dash) = args.iter().position(\|arg\| arg == "--") {
314	let later_args = args.drain(dash_dash + 1..).collect();
315	args.pop(); // .. then remove the `--`
316	Some(later_args)
317	} else {
318	None
319	};
320
321	// Now pass the remaining arguments through to `pico_args`.
322	let mut args = pico_args::Arguments::from_vec(args);
323
324	if args.contains(["-h", "--help"]) {
325	print!("{CMD_HELP}");
326	std::process::exit(0);
327	} else if terminal_command.is_none() {
328	bail!("missing terminal command or -- option-end marker, see '-h' for usage");
329	}
330
331	let options = Options {
332	terminal_command: terminal_command.unwrap(), // checked above
333	listen_port: PortOrFd::from_cli(args.free_from_str()?, args.contains("--port-as-fd"))?,
334	api_daemon_port: args.opt_value_from_str("--authport")?.unwrap_or(85),
335	acl_path: args.value_from_str("--path")?,
336	acl_permission: args.opt_value_from_str("--perm")?,
337	};
338
339	if !args.finish().is_empty() {
340	bail!("unexpected extra arguments, use '-h' for usage");
3e4311fe DC	341	}
3e4311fe DC	342
24d707d0 TL	343	Ok(options)
	344	}
	345
	346	fn do_main() -> Result<()> {
	347	let options = parse_args()?;
	348
	349	let (mut tcp_handle, listen_port) =
	350	listen_and_accept("localhost", &options.listen_port, Duration::new(10, 0))
cfa75e79	351	.map_err(\|err\| format_err!("failed waiting for client: {}", err))?;
3e4311fe	352
13e2e502 TL	353	let mut pty_buf = ByteBuffer::new();
	354	let mut tcp_buf = ByteBuffer::new();
	355
c2d63828	356	let (username, ticket) = read_ticket_line(&mut tcp_handle, &mut pty_buf, Duration::new(10, 0))
cfa75e79	357	.map_err(\|err\| format_err!("failed reading ticket: {}", err))?;
24d707d0 TL	358
	359	authenticate(&username, &ticket, &options, listen_port)?;
	360
c2d63828	361	tcp_handle.write_all(b"OK").expect("error writing response");
3e4311fe	362
c2d63828	363	let mut poll = Poll::new()?;
3e4311fe DC	364	let mut events = Events::with_capacity(128);
3e4311fe DC	365
24d707d0	366	let mut pty = run_pty(options.terminal_command.iter())?;
3e4311fe	367
c2d63828 DC	368	poll.registry().register(
c2d63828 DC	369	&mut tcp_handle,
3e4311fe	370	TCP,
bb32b0c6	371	Interest::READABLE \| Interest::WRITABLE,
3e4311fe	372	)?;
c2d63828 DC	373	poll.registry().register(
c2d63828 DC	374	&mut SourceFd(&pty.as_raw_fd()),
3e4311fe	375	PTY,
bb32b0c6	376	Interest::READABLE \| Interest::WRITABLE,
3e4311fe DC	377	)?;
	378
	379	let mut tcp_writable = true;
	380	let mut pty_writable = true;
	381	let mut tcp_readable = true;
	382	let mut pty_readable = true;
	383	let mut remaining = 0;
	384	let mut finished = false;
	385
	386	while !finished {
	387	if tcp_readable && !pty_buf.is_full() \|\| pty_readable && !tcp_buf.is_full() {
	388	poll.poll(&mut events, Some(Duration::new(0, 0)))?;
	389	} else {
	390	poll.poll(&mut events, None)?;
	391	}
	392
	393	for event in &events {
c2d63828 DC	394	let writable = event.is_writable();
	395	let readable = event.is_readable();
	396	if event.is_read_closed() {
3e4311fe DC	397	finished = true;
	398	}
	399	match event.token() {
	400	TCP => {
	401	if readable {
	402	tcp_readable = true;
	403	}
	404	if writable {
	405	tcp_writable = true;
	406	}
	407	}
	408	PTY => {
	409	if readable {
	410	pty_readable = true;
	411	}
	412	if writable {
	413	pty_writable = true;
	414	}
	415	}
	416	_ => unreachable!(),
	417	}
	418	}
	419
	420	while tcp_readable && !pty_buf.is_full() {
	421	let bytes = match pty_buf.read_from(&mut tcp_handle) {
	422	Ok(bytes) => bytes,
	423	Err(err) if err.kind() == ErrorKind::WouldBlock => {
	424	tcp_readable = false;
	425	break;
	426	}
	427	Err(err) => {
	428	if !finished {
cfa75e79	429	return Err(format_err!("error reading from tcp: {}", err));
3e4311fe DC	430	}
	431	break;
	432	}
	433	};
	434	if bytes == 0 {
	435	finished = true;
	436	break;
	437	}
	438	}
	439
	440	while pty_readable && !tcp_buf.is_full() {
	441	let bytes = match tcp_buf.read_from(&mut pty) {
	442	Ok(bytes) => bytes,
	443	Err(err) if err.kind() == ErrorKind::WouldBlock => {
	444	pty_readable = false;
	445	break;
	446	}
	447	Err(err) => {
	448	if !finished {
cfa75e79	449	return Err(format_err!("error reading from pty: {}", err));
3e4311fe DC	450	}
	451	break;
	452	}
	453	};
	454	if bytes == 0 {
	455	finished = true;
	456	break;
	457	}
	458	}
	459
	460	while !tcp_buf.is_empty() && tcp_writable {
	461	let bytes = match tcp_handle.write(&tcp_buf[..]) {
	462	Ok(bytes) => bytes,
	463	Err(err) if err.kind() == ErrorKind::WouldBlock => {
	464	tcp_writable = false;
	465	break;
	466	}
	467	Err(err) => {
	468	if !finished {
cfa75e79	469	return Err(format_err!("error writing to tcp : {}", err));
3e4311fe DC	470	}
	471	break;
	472	}
	473	};
	474	tcp_buf.consume(bytes);
	475	}
	476
	477	while !pty_buf.is_empty() && pty_writable {
	478	if remaining == 0 {
	479	remaining = match process_queue(&mut pty_buf, &mut pty) {
	480	Some(val) => val,
	481	None => break,
	482	};
	483	}
	484	let len = min(remaining, pty_buf.len());
	485	let bytes = match pty.write(&pty_buf[..len]) {
	486	Ok(bytes) => bytes,
	487	Err(err) if err.kind() == ErrorKind::WouldBlock => {
	488	pty_writable = false;
	489	break;
	490	}
	491	Err(err) => {
	492	if !finished {
cfa75e79	493	return Err(format_err!("error writing to pty : {}", err));
3e4311fe DC	494	}
	495	break;
	496	}
	497	};
	498	remaining -= bytes;
	499	pty_buf.consume(bytes);
	500	}
	501	}
	502
	503	Ok(())
	504	}
	505
	506	fn main() {
	507	std::process::exit(match do_main() {
	508	Ok(_) => 0,
	509	Err(err) => {
	510	eprintln!("{}", err);
	511	1
	512	}
	513	});
	514	}