rpc rewrite: control RPCs using gRPC + separate RPC for data transfer

transport/ssh: update go-netssh to new version
    => supports CloseWrite and Deadlines
    => build: require Go 1.11 (netssh requires it)
Christian Schwarz
2018-12-11 22:01:50 +01:00
parent d281fb00e3
commit 796c5ad42d
100 changed files with 6460 additions and 1485 deletions


@@ -25,12 +25,13 @@ func ParseCAFile(certfile string) (*x509.CertPool, error) {
}
type ClientAuthListener struct {
l net.Listener
l *net.TCPListener
c *tls.Config
handshakeTimeout time.Duration
}
func NewClientAuthListener(
l net.Listener, ca *x509.CertPool, serverCert tls.Certificate,
l *net.TCPListener, ca *x509.CertPool, serverCert tls.Certificate,
handshakeTimeout time.Duration) *ClientAuthListener {
if ca == nil {
@@ -40,30 +41,35 @@ func NewClientAuthListener(
panic(serverCert)
}
tlsConf := tls.Config{
tlsConf := &tls.Config{
Certificates: []tls.Certificate{serverCert},
ClientCAs: ca,
ClientAuth: tls.RequireAndVerifyClientCert,
PreferServerCipherSuites: true,
KeyLogWriter: keylogFromEnv(),
}
l = tls.NewListener(l, &tlsConf)
return &ClientAuthListener{
l,
tlsConf,
handshakeTimeout,
}
}
func (l *ClientAuthListener) Accept() (c net.Conn, clientCN string, err error) {
c, err = l.l.Accept()
// Accept() accepts a connection from the *net.TCPListener passed to the constructor
// and sets up the TLS connection, including handshake and peer CommmonName validation
// within the specified handshakeTimeout.
//
// It returns both the raw TCP connection (tcpConn) and the TLS connection (tlsConn) on top of it.
// Access to the raw tcpConn might be necessary if CloseWrite semantics are desired:
// tlsConn.CloseWrite does NOT call tcpConn.CloseWrite, hence we provide access to tcpConn to
// allow the caller to do this by themselves.
func (l *ClientAuthListener) Accept() (tcpConn *net.TCPConn, tlsConn *tls.Conn, clientCN string, err error) {
tcpConn, err = l.l.AcceptTCP()
if err != nil {
return nil, "", err
}
tlsConn, ok := c.(*tls.Conn)
if !ok {
return c, "", err
return nil, nil, "", err
}
tlsConn = tls.Server(tcpConn, l.c)
var (
cn string
peerCerts []*x509.Certificate
@@ -82,10 +88,11 @@ func (l *ClientAuthListener) Accept() (c net.Conn, clientCN string, err error) {
goto CloseAndErr
}
cn = peerCerts[0].Subject.CommonName
return c, cn, nil
return tcpConn, tlsConn, cn, nil
CloseAndErr:
c.Close()
return nil, "", err
// unlike CloseWrite, Close on *tls.Conn actually closes the underlying connection
tlsConn.Close() // TODO log error
return nil, nil, "", err
}
func (l *ClientAuthListener) Addr() net.Addr {
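Review bot: The new Accept doc comment (the sentences around `Access to the raw tcpConn might be necessary if CloseWrite semantics are desired`) should tell callers to call `tlsConn.CloseWrite()` before `tcpConn.CloseWrite()`, because only the former sends the TLS close_notify alert and a bare TCP FIN is indistinguishable to the peer from a truncation attack (the peer sees an unexpected EOF instead of a clean end of stream). Handing out the raw `*net.TCPConn` also lets a caller read or write plaintext around the TLS layer, so I would add a line such as `// tcpConn is exposed only for CloseWrite/deadline control; never read from or write to it directly, that would bypass TLS.` While the `tls.Config` literal is being rewritten to a pointer, it still sets no `MinVersion`; with Go 1.11 the server default admits TLS 1.0, so `MinVersion: tls.VersionTLS12,` next to `PreferServerCipherSuites` would be appropriate, assuming nothing outside this hunk sets it. The `KeyLogWriter: keylogFromEnv()` line predates this commit, but a comment stating that the environment variable must stay unset in production (it exports session secrets) would help the next reader of this mTLS listener.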