introduce rust

2024-04-29 12:54:25 +02:00
parent 6e1cb57e03
commit 73cafb7385
78 changed files with 3408 additions and 2457 deletions
--- a/src/cmd/init/sshd.rs
+++ b/src/cmd/init/sshd.rs
@ -0,0 +1,96 @@
+use log::{info, warn};
+use std::fs;
+use std::io::Write;
+use std::os::unix::fs::PermissionsExt;
+use std::process::Stdio;
+use tokio::net;
+use tokio::process::Command;
+
+use super::{retry_or_ignore, Config};
+
+pub async fn start(cfg: &Config) {
+    retry_or_ignore(async || {
+        info!("ssh: writing authorized keys");
+
+        let ssh_dir = "/root/.ssh";
+        let authorized_keys = format!("{ssh_dir}/authorized_keys");
+
+        fs::create_dir_all(ssh_dir)?;
+        fs::set_permissions(ssh_dir, fs::Permissions::from_mode(0o700))?;
+
+        let mut ak = Vec::new();
+
+        for auth in &cfg.auths {
+            let Some(ref key) = auth.ssh_key else {
+                continue;
+            };
+            writeln!(ak, "{key} {}", auth.name)?;
+        }
+
+        fs::write(authorized_keys, ak)?;
+        Ok(())
+    })
+    .await;
+
+    retry_or_ignore(async || {
+        let mut sshd_args = Vec::new();
+
+        sshd_args.extend(["-i", "-E", "/var/log/sshd.log"]);
+
+        for key_path in cfg.ssh.keys.iter() {
+            if !fs::exists(key_path).is_ok_and(|b| b) {
+                info!("ssh: host key not found (ignored): {key_path}");
+                continue;
+            }
+            sshd_args.extend(["-h", key_path]);
+        }
+
+        let sshd_args = sshd_args.into_iter().map(String::from).collect();
+
+        // don't pre-start sshd as it should rarely be useful at this stage, use inetd-style.
+        let listen_addr = cfg.ssh.listen.clone();
+        info!("ssh: starting listener on {listen_addr}");
+
+        let listener = net::TcpListener::bind(listen_addr).await?;
+
+        tokio::spawn(handle_ssh_connections(listener, sshd_args));
+
+        Ok(())
+    })
+    .await;
+}
+
+async fn handle_ssh_connections(listener: net::TcpListener, sshd_args: Vec<String>) {
+    loop {
+        let (stream, remote) = match listener.accept().await {
+            Ok(v) => v,
+            Err(e) => {
+                warn!("ssh: listener stopped: {e}");
+                return;
+            }
+        };
+
+        use std::os::unix::io::{AsRawFd, FromRawFd};
+        let fd = stream.as_raw_fd();
+
+        let mut cmd = Command::new("/usr/sbin/sshd");
+        cmd.args(&sshd_args);
+
+        cmd.stdin(unsafe { Stdio::from_raw_fd(fd) });
+        cmd.stdout(unsafe { Stdio::from_raw_fd(fd) });
+        cmd.stderr(Stdio::null());
+
+        let Ok(mut child) =
+            (cmd.spawn()).inspect_err(|e| warn!("ssh: failed to start server: {e}"))
+        else {
+            continue;
+        };
+
+        let pid = child.id().unwrap();
+        info!("ssh: new connection from {remote}, sshd PID {pid}");
+
+        tokio::spawn(async move {
+            let _ = child.wait().await;
+        });
+    }
+}