@ -12,11 +12,13 @@
package tailssh
import (
"context"
"encoding/json"
"errors"
"flag"
"fmt"
"io"
"io/fs"
"log"
"log/syslog"
"os"
@ -29,6 +31,7 @@ import (
"strings"
"sync/atomic"
"syscall"
"time"
"github.com/creack/pty"
"github.com/pkg/sftp"
@ -70,11 +73,36 @@ var maybeStartLoginSession = func(dlogf logger.Logf, ia incubatorArgs) (close fu
return nil
}
// tryExecInDir tries to run a command in dir and returns nil if it succeeds.
// Otherwise, it returns a filesystem error or a timeout error if the command
// took too long.
func tryExecInDir ( ctx context . Context , dir string ) error {
ctx , cancel := context . WithTimeout ( ctx , 10 * time . Second )
defer cancel ( )
// Assume that the following executables exist, are executable, and
// immediately return.
var name string
switch runtime . GOOS {
case "windows" :
windir := os . Getenv ( "windir" )
name = filepath . Join ( windir , "system32" , "doskey.exe" )
default :
name = "/bin/true"
}
cmd := exec . CommandContext ( ctx , name )
cmd . Dir = dir
return cmd . Run ( )
}
// newIncubatorCommand returns a new exec.Cmd configured with
// `tailscaled be-child ssh` as the entrypoint.
//
// If ss.srv.tailscaledPath is empty, this method is equivalent to
// exec.CommandContext.
// If ss.srv.tailscaledPath is empty, this method is almost equivalent to
// exec.CommandContext. It will refuse to run in SFTP-mode. It will simulate the
// behavior of SSHD when by falling back to the root directory if it cannot run
// a command in the user’
//
// The returned Cmd.Env is guaranteed to be nil; the caller populates it.
func ( ss * sshSession ) newIncubatorCommand ( logf logger . Logf ) ( cmd * exec . Cmd , err error ) {
@ -104,7 +132,35 @@ func (ss *sshSession) newIncubatorCommand(logf logger.Logf) (cmd *exec.Cmd, err
loginShell := ss . conn . localUser . LoginShell ( )
args := shellArgs ( isShell , ss . RawCommand ( ) )
logf ( "directly running %s %q" , loginShell , args )
return exec . CommandContext ( ss . ctx , loginShell , args ... ) , nil
cmd = exec . CommandContext ( ss . ctx , loginShell , args ... )
// While running directly instead of using `tailscaled be-child`,
// do what sshd does by running inside the home directory,
// falling back to the root directory it doesn't have permissions.
// This can happen if the system has networked home directories,
// i.e. NFS or SMB, which enable root-squashing by default.
cmd . Dir = ss . conn . localUser . HomeDir
err := tryExecInDir ( ss . ctx , cmd . Dir )
switch {
case errors . Is ( err , exec . ErrNotFound ) :
// /bin/true might not be installed on a barebones system,
// so we assume that the home directory does not exist.
cmd . Dir = "/"
case errors . Is ( err , fs . ErrPermission ) || errors . Is ( err , fs . ErrNotExist ) :
// Ensure that cmd.Dir is the source of the error.
var pathErr * fs . PathError
if errors . As ( err , & pathErr ) && pathErr . Path == cmd . Dir {
// If we cannot run loginShell in localUser.HomeDir,
// we will try to run this command in the root directory.
cmd . Dir = "/"
} else {
return nil , err
}
case err != nil :
return nil , err
}
return cmd , nil
}
lu := ss . conn . localUser
@ -178,7 +234,10 @@ func (ss *sshSession) newIncubatorCommand(logf logger.Logf) (cmd *exec.Cmd, err
}
}
return exec . CommandContext ( ss . ctx , ss . conn . srv . tailscaledPath , incubatorArgs ... ) , nil
cmd = exec . CommandContext ( ss . ctx , ss . conn . srv . tailscaledPath , incubatorArgs ... )
// The incubator will chdir into the home directory after it drops privileges.
cmd . Dir = "/"
return cmd , nil
}
var debugIncubator bool
@ -777,7 +836,6 @@ func (ss *sshSession) launchProcess() error {
}
cmd := ss . cmd
cmd . Dir = "/"
cmd . Env = envForUser ( ss . conn . localUser )
for _ , kv := range ss . Environ ( ) {
if acceptEnvPair ( kv ) {
Simon Law
7 months ago
committed by