open-vault/builtin/logical/ssh/ssh_connect.go

package ssh

import (
	"bytes"
	"fmt"
	"io/ioutil"
	"log"
	"strings"

	"github.com/hashicorp/vault/logical"
	"github.com/hashicorp/vault/logical/framework"
)

func sshConnect(b *backend) *framework.Path {
	log.Printf("Vishal: ssh.sshConnect\n")
	return &framework.Path{
		Pattern: "connect",
		Fields: map[string]*framework.FieldSchema{
			"username": &framework.FieldSchema{
				Type:        framework.TypeString,
				Description: "username at SSH host",
			},
			"address": &framework.FieldSchema{
				Type:        framework.TypeString,
				Description: "IPv4 address of SSH host",
			},
		},
		Callbacks: map[logical.Operation]framework.OperationFunc{
			logical.WriteOperation: b.sshConnectWrite,
		},
		HelpSynopsis:    sshConnectHelpSyn,
		HelpDescription: sshConnectHelpDesc,
	}
}

func (b *backend) sshConnectWrite(
	req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
	username := d.Get("username").(string)
	ipAddr := d.Get("address").(string)
	log.Printf("Vishal: ssh.sshConnectWrite username:%#v address:%#v\n", username, ipAddr)

	hostKeyPath := "hosts/" + ipAddr + "/" + username
	entry, err := req.Storage.Get(hostKeyPath)
	if err != nil {
		return nil, err
	}

	if entry == nil {
		return nil, fmt.Errorf("Host key is not configured. Please configure them at the config/addhostkey endpoint")
	}
	var hostKey sshHostKey
	if err := entry.DecodeJSON(&hostKey); err != nil {
		return nil, fmt.Errorf("Error reading the host key: %s", err)
	}
	log.Printf("Vishal: host key previously configured: \n---------------\n%#v\n--------------\n", hostKey.Key)

	//TODO: save th entry in a file
	//TODO: read the hosts path and get the key
	//TODO: Input validation for the commands below

	rmCmd := "rm -f " + "vault_ssh_otk.pem" + " " + "vault_ssh_otk.pem.pub" + ";"
	sshKeygenCmd := "ssh-keygen -f " + "vault_ssh_otk.pem" + " -t rsa -N ''" + ";"
	chmodCmd := "chmod 400 " + "vault_ssh_otk.pem" + ";"
	scpCmd := "scp -i " + "vault_ssh_shared.pem" + " " + "vault_ssh_otk.pem.pub" + " " + username + "@" + ipAddr + ":~;"

	localCmdString := strings.Join([]string{
		rmCmd,
		sshKeygenCmd,
		chmodCmd,
		scpCmd,
	}, "")
	err = exec_command(localCmdString)
	if err != nil {
		fmt.Errorf("Running command failed " + err.Error())
	}
	session := createSSHPublicKeysSession(username, ipAddr)
	var buf bytes.Buffer
	session.Stdout = &buf
	if err := installSshOtkInTarget(session); err != nil {
		fmt.Errorf("Failed to install one-time-key at target machine: " + err.Error())
	}
	session.Close()
	fmt.Println(buf.String())
	keyBytes, err := ioutil.ReadFile("vault_ssh_otk.pem")
	oneTimeKey := string(keyBytes)
	log.Printf("Vishal: Returning:%s\n", oneTimeKey)
	return b.Secret(SecretSshHostKeyType).Response(map[string]interface{}{
		"key": oneTimeKey,
	}, nil), nil
	/*return &logical.Response{
		Data: map[string]interface{}{
			"key": oneTimeKey,
		},
	}, nil
	*/
}

const sshConnectHelpSyn = `
sshConnectionHelpSyn
`

const sshConnectHelpDesc = `
rshConnectionHelpDesc
`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`package ssh`

			`import (`
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-18 00:33:03 +00:00			`"bytes"`
			`"fmt"`
			`"io/ioutil"`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`"log"`
Roles, key renewal handled. End-to-end basic flow working. 2015-06-19 00:48:41 +00:00			`"strings"`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00
			`"github.com/hashicorp/vault/logical"`
			`"github.com/hashicorp/vault/logical/framework"`
			`)`

			`func sshConnect(b backend) framework.Path {`
			`log.Printf("Vishal: ssh.sshConnect\n")`
			`return &framework.Path{`
			`Pattern: "connect",`
			`Fields: map[string]*framework.FieldSchema{`
			`"username": &framework.FieldSchema{`
			`Type: framework.TypeString,`
			`Description: "username at SSH host",`
			`},`
			`"address": &framework.FieldSchema{`
			`Type: framework.TypeString,`
			`Description: "IPv4 address of SSH host",`
			`},`
			`},`
			`Callbacks: map[logical.Operation]framework.OperationFunc{`
			`logical.WriteOperation: b.sshConnectWrite,`
			`},`
			`HelpSynopsis: sshConnectHelpSyn,`
			`HelpDescription: sshConnectHelpDesc,`
			`}`
			`}`

			`func (b *backend) sshConnectWrite(`
			`req logical.Request, d framework.FieldData) (*logical.Response, error) {`
Roles, key renewal handled. End-to-end basic flow working. 2015-06-19 00:48:41 +00:00			`username := d.Get("username").(string)`
			`ipAddr := d.Get("address").(string)`
			`log.Printf("Vishal: ssh.sshConnectWrite username:%#v address:%#v\n", username, ipAddr)`
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-18 00:33:03 +00:00
Roles, key renewal handled. End-to-end basic flow working. 2015-06-19 00:48:41 +00:00			`hostKeyPath := "hosts/" + ipAddr + "/" + username`
			`entry, err := req.Storage.Get(hostKeyPath)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if entry == nil {`
			`return nil, fmt.Errorf("Host key is not configured. Please configure them at the config/addhostkey endpoint")`
			`}`
			`var hostKey sshHostKey`
			`if err := entry.DecodeJSON(&hostKey); err != nil {`
			`return nil, fmt.Errorf("Error reading the host key: %s", err)`
			`}`
			`log.Printf("Vishal: host key previously configured: \n---------------\n%#v\n--------------\n", hostKey.Key)`

			`//TODO: save th entry in a file`
			`//TODO: read the hosts path and get the key`
			`//TODO: Input validation for the commands below`

			`rmCmd := "rm -f " + "vault_ssh_otk.pem" + " " + "vault_ssh_otk.pem.pub" + ";"`
			`sshKeygenCmd := "ssh-keygen -f " + "vault_ssh_otk.pem" + " -t rsa -N ''" + ";"`
			`chmodCmd := "chmod 400 " + "vault_ssh_otk.pem" + ";"`
			`scpCmd := "scp -i " + "vault_ssh_shared.pem" + " " + "vault_ssh_otk.pem.pub" + " " + username + "@" + ipAddr + ":~;"`

			`localCmdString := strings.Join([]string{`
			`rmCmd,`
			`sshKeygenCmd,`
			`chmodCmd,`
			`scpCmd,`
			`}, "")`
			`err = exec_command(localCmdString)`
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-18 00:33:03 +00:00			`if err != nil {`
			`fmt.Errorf("Running command failed " + err.Error())`
			`}`
Roles, key renewal handled. End-to-end basic flow working. 2015-06-19 00:48:41 +00:00			`session := createSSHPublicKeysSession(username, ipAddr)`
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-18 00:33:03 +00:00			`var buf bytes.Buffer`
			`session.Stdout = &buf`
			`if err := installSshOtkInTarget(session); err != nil {`
			`fmt.Errorf("Failed to install one-time-key at target machine: " + err.Error())`
			`}`
			`session.Close()`
			`fmt.Println(buf.String())`
			`keyBytes, err := ioutil.ReadFile("vault_ssh_otk.pem")`
			`oneTimeKey := string(keyBytes)`
Roles, key renewal handled. End-to-end basic flow working. 2015-06-19 00:48:41 +00:00			`log.Printf("Vishal: Returning:%s\n", oneTimeKey)`
			`return b.Secret(SecretSshHostKeyType).Response(map[string]interface{}{`
			`"key": oneTimeKey,`
			`}, nil), nil`
			`/*return &logical.Response{`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`Data: map[string]interface{}{`
Received OTK in SSH client. Forked SSH process from CLI. Added utility file for SSH. 2015-06-18 00:33:03 +00:00			`"key": oneTimeKey,`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`},`
			`}, nil`
Roles, key renewal handled. End-to-end basic flow working. 2015-06-19 00:48:41 +00:00			`*/`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`}`

			const sshConnectHelpSyn = `
			`sshConnectionHelpSyn`
			`

			const sshConnectHelpDesc = `
Roles, key renewal handled. End-to-end basic flow working. 2015-06-19 00:48:41 +00:00			`rshConnectionHelpDesc`
Added: Ssh CLI command and API, config lease impl, sshConnect path to backend, http handler for Ssh connect 2015-06-17 16:39:49 +00:00			`