#!/usr/bin/perl
#
# Open an SSH tunnel using the Net::OpenSSH module and keep it open with an infinite loop.
#
use strict;
use warnings;
use Anvil::Tools;
use File::Basename;
use Net::OpenSSH;
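$| = 1;

# File::Basename copes with a bare "$0" (no directory part), where the old
# regex split produced undef for both values plus an "uninitialized" warning,
# and it avoids interpolating the script name into a pattern unescaped.
my $THIS_FILE         = basename($0);
my $running_directory = dirname($0);
if (($running_directory =~ /^\./) && ($ENV{PWD}))
{
	$running_directory =~ s/^\./$ENV{PWD}/;
}

# SIGINT/SIGTERM run close_connection() so the parent connection and the
# tunnel-ls file are cleaned up on an interrupted run as well.
my $anvil = Anvil::Tools->new({ on_sig_int => \&close_connection, on_sig_term => \&close_connection });

my $echo = $anvil->data->{path}{exe}{'echo'};
my $rm   = $anvil->data->{path}{exe}{'rm'};
my $sed  = $anvil->data->{path}{exe}{'sed'};

$anvil->Get->switches;

my $connect_child        = $anvil->data->{switches}{'child'};
my $switch_debug         = $anvil->data->{switches}{'debug'} || 3;
my $ssh_ctl_cmd          = $anvil->data->{switches}{'ctl-cmd'};
my $ssh_ctl_path         = $anvil->data->{switches}{'ctl-path'};
my $ssh_forward          = $anvil->data->{switches}{'forward'};
my $ssh_forward_lport    = $anvil->data->{switches}{'forward-lport'};
my $ssh_forward_rport    = $anvil->data->{switches}{'forward-rport'};
my $ssh_port             = $anvil->data->{switches}{'port'};
my $ssh_target           = $anvil->data->{switches}{'target'};
my $ssh_test_interval    = $anvil->data->{switches}{'test-interval'};
my $ssh_tunnel_ls_path   = $anvil->data->{switches}{'tunnel-ls-path'};
my $ssh_tunnel_ls_prefix = $anvil->data->{switches}{'tunnel-ls-prefix'};
my $ssh_user             = $anvil->data->{switches}{'user'};

# Default the tunnel-ls file to <tmp dir>/<control socket name> when a usable
# control socket path was given (neither empty nor the "#!SET!#" placeholder).
if ( (defined $ssh_ctl_path) && (not $ssh_ctl_path =~ /^(?:#!SET!#|)$/) )
{
	my ($ssh_ctl_name) = fileparse($ssh_ctl_path);
	$ssh_tunnel_ls_path //= $anvil->data->{path}{'directories'}{'tmp'}."/$ssh_ctl_name";
}

# Global for holding the SSH file handle; needed because it's hard to pass
# params to signal handlers.
my $ssh;

if ($connect_child)
{
	# Child mode: attach to an already-running parent connection through its
	# control socket, apply one forward/cancel request, and exit.
	(my $open_rcode, $ssh) = open_connection({
		ctl_path        => $ssh_ctl_path,
		debug           => $switch_debug,
		external_parent => 1,
		port            => $ssh_port,
		target          => $ssh_target,
		user            => $ssh_user,
	});

	$anvil->nice_exit({ exit_code => $open_rcode }) if ($open_rcode);

	my ($manage_rcode) = manage_tunnel({
		ctl_cmd       => $ssh_ctl_cmd,
		debug         => $switch_debug,
		forward       => $ssh_forward,
		forward_lport => $ssh_forward_lport,
		forward_rport => $ssh_forward_rport,
		ls_path       => $ssh_tunnel_ls_path,
		ls_prefix     => $ssh_tunnel_ls_prefix,
		ssh_fh        => $ssh,
	});

	$anvil->nice_exit({ exit_code => $manage_rcode }) if ($manage_rcode);
}
else
{
	# Parent mode: start the parent connection and keep the process alive
	# while that connection still answers.
	$ssh_test_interval = 60 if (not is_int($ssh_test_interval));

	(my $open_rcode, $ssh) = open_connection({
		ctl_path => $ssh_ctl_path,
		debug    => $switch_debug,
		port     => $ssh_port,
		target   => $ssh_target,
		user     => $ssh_user,
	});

	$anvil->nice_exit({ exit_code => $open_rcode }) if ($open_rcode);

	if (not defined $ssh_ctl_path)
	{
		# Not making an external parent connection; forward using
		# internal parent connection.
		my ($manage_rcode) = manage_tunnel({
			ctl_cmd       => $ssh_ctl_cmd,
			debug         => $switch_debug,
			forward       => $ssh_forward,
			forward_lport => $ssh_forward_lport,
			forward_rport => $ssh_forward_rport,
			ls_path       => $ssh_tunnel_ls_path,
			ls_prefix     => $ssh_tunnel_ls_prefix,
			ssh_fh        => $ssh,
		});

		$anvil->nice_exit({ exit_code => $manage_rcode }) if ($manage_rcode);
	}

	# Probe the connection once per interval and leave the loop as soon as a
	# probe fails, instead of sleeping one more interval before cleaning up.
	while ($ssh->test($echo))
	{
		sleep($ssh_test_interval);
	}

	close_connection({ debug => $switch_debug });
}

$anvil->nice_exit({ exit_code => 0 });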
#
# Functions
#
# Build the "user@target:port" key under which Anvil caches an SSH handle.
# Arguments: remote user, target host, ssh port. Returns the key string.
sub build_ssh_fh_key
{
	my ($user, $target, $port) = @_;

	return join('', $user, '@', $target, ':', $port);
}
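# Tear down the parent SSH connection and remove the tunnel-ls file.
#
# Also registered as the SIGINT/SIGTERM handler, so it must cope with being
# invoked without a parameter hashref.
#
# Parameters (hashref, all optional):
#   debug          - log level; defaults to 3.
#   ssh_fh         - Net::OpenSSH handle; defaults to the file-level $ssh.
#   tunnel_ls_path - list file to remove; defaults to the file-level
#                    $ssh_tunnel_ls_path.
#
# Returns 1 when there is no handle that can be disconnected, 0 otherwise.
sub close_connection
{
	my $parameters = shift;
	# NOTE(review): the signal dispatcher in Anvil::Tools may pass something
	# other than a hashref (or nothing at all); under "strict refs" a plain
	# string here would die. Treat anything but a hashref as "no parameters".
	$parameters = {} if (ref($parameters) ne 'HASH');

	my $debug          = $parameters->{debug} || 3;
	my $ssh_fh         = $parameters->{ssh_fh} // $ssh;
	my $tunnel_ls_path = $parameters->{tunnel_ls_path} // $ssh_tunnel_ls_path;

	return (1) if ( (not defined $ssh_fh) || (not $ssh_fh->can("disconnect")) );

	my $ctl_path = $ssh_fh->get_ctl_path();
	my $pid      = $ssh_fh->get_master_pid();

	$ssh_fh->disconnect();

	$anvil->Log->variables({ source => $THIS_FILE, line => __LINE__, level => $debug, list => {
		message => "Parent connection [$pid] using [$ctl_path] disconnected."
	} });

	# Remove the file in-process. The previous "rm -f '<path>'" shell string
	# was only as safe as its single-quote wrapping, which a quote in the path
	# would break; unlink() has no such issue.
	if ( (defined $tunnel_ls_path) && (-e $tunnel_ls_path) )
	{
		if (not unlink($tunnel_ls_path))
		{
			$anvil->Log->variables({ source => $THIS_FILE, line => __LINE__, level => $debug, list => {
				message => "Failed to remove tunnel list file [$tunnel_ls_path]: $!"
			} });
		}
	}

	return (0);
}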
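# True when the argument is exactly "cancel" or "forward" (the two ssh -O
# commands manage_tunnel issues). Anchored with \A/\z so a trailing newline,
# which the old "$" anchor let through, is rejected rather than passed to ssh.
sub is_valid_tunnel_ctl_command
{
	my ($command) = @_;

	return (defined $command && $command =~ /\A(?:cancel|forward)\z/);
}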
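# True when the argument is exactly "L" (local forward) or "R" (remote
# forward). Anchored with \A/\z so "R\n" is no longer accepted; the value is
# spliced straight into the "-L"/"-R" ssh option.
sub is_valid_forward
{
	my ($direction) = @_;

	return (defined $direction && $direction =~ /\A[LR]\z/);
}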
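# True when the argument is defined and consists solely of ASCII digits.
# Anchored with \A/\z (the old "$" accepted a trailing newline) and restricted
# to [0-9] rather than \d, since the value ends up in an ssh port option or
# in sleep().
sub is_int
{
	my ($value) = @_;

	return (defined $value && $value =~ /\A[0-9]+\z/);
}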
# Returns 1 when an SSH handle (any defined value) was passed, 0 otherwise.
# Normalises to a plain 0/1 so callers can compare numerically.
sub is_ssh_fh_defined
{
	my ($ssh_fh) = @_;

	return 0 unless defined $ssh_fh;
	return 1;
}
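# Add or cancel a port forward on an existing parent connection and mirror the
# change in the tunnel-ls file (the list of active forwards kept for other
# tools to read).
#
# Parameters (hashref):
#   ctl_cmd       - "forward" or "cancel"; defaults to "forward".
#   debug         - log level; defaults to 3.
#   forward       - "L" (local) or "R" (remote); defaults to "R".
#   forward_laddr - local bind address; defaults to "0.0.0.0".
#   forward_lport - local port; required, digits only.
#   forward_raddr - remote bind address; defaults to "0.0.0.0".
#   forward_rport - remote port; required, digits only.
#   ls_path       - tunnel-ls file to update; nothing is written when undef.
#   ls_prefix     - string prepended to the recorded line; defaults to "".
#   ssh_fh        - Net::OpenSSH handle of the parent connection; required.
#
# Returns 1 on invalid parameters or when the ssh control command fails, 0
# otherwise. Updating the tunnel-ls file is best-effort, as it was when it
# went through "echo"/"sed": a failure there is logged but does not change the
# return value.
sub manage_tunnel
{
	my $parameters    = shift;
	my $ctl_cmd       = $parameters->{ctl_cmd} // "forward";
	my $debug         = $parameters->{debug} || 3;
	my $forward       = $parameters->{forward} // "R";
	my $forward_laddr = $parameters->{forward_laddr} // "0.0.0.0";
	my $forward_lport = $parameters->{forward_lport};
	my $forward_raddr = $parameters->{forward_raddr} // "0.0.0.0";
	my $forward_rport = $parameters->{forward_rport};
	my $ls_path       = $parameters->{ls_path};
	my $ls_prefix     = $parameters->{ls_prefix} // "";
	my $ssh_fh        = $parameters->{ssh_fh};

	$anvil->Log->variables({ source => $THIS_FILE, line => __LINE__, level => $debug, list => $parameters, prefix => "manage_tunnel" });

	return (1) if ( (not is_ssh_fh_defined($ssh_fh))
	             || (not is_valid_tunnel_ctl_command($ctl_cmd))
	             || (not is_valid_forward($forward))
	             || (not is_int($forward_lport))
	             || (not is_int($forward_rport)) );

	# ssh's -L/-R option reads "<bind addr>:<bind port>:<dest addr>:<dest port>".
	# For a remote forward the bind side is the remote one, so swap the pairs.
	my ($addr_a, $port_a, $addr_b, $port_b) = ($forward_laddr, $forward_lport, $forward_raddr, $forward_rport);
	if ($forward eq "R")
	{
		($addr_a, $port_a, $addr_b, $port_b) = ($forward_raddr, $forward_rport, $forward_laddr, $forward_lport);
	}

	my $forward_opt = "-${forward}${addr_a}:${port_a}:${addr_b}:${port_b}";

	$anvil->Log->variables({ source => $THIS_FILE, line => __LINE__, level => $debug, list => { forward_opt => $forward_opt } });

	# Ask the running master (-O) to add or cancel the forward.
	$ssh_fh->system({ ssh_opts => [ "-O", $ctl_cmd, $forward_opt ] }) or return (1);

	if (defined $ls_path)
	{
		# Edit the list in Perl rather than through "echo '...' >>" and
		# "sed -i '/.../d'": no shell quoting to get wrong, and the cancel
		# path matches the recorded option literally instead of as a regex
		# (where every "." in an address was a wildcard).
		my $updated = $ctl_cmd eq "forward"
			? _append_tunnel_ls($ls_path, "${ls_prefix}${forward_opt}")
			: _remove_tunnel_ls($ls_path, $forward_opt);

		if (not $updated)
		{
			$anvil->Log->variables({ source => $THIS_FILE, line => __LINE__, level => $debug, list => {
				message => "Failed to update tunnel list file [$ls_path]: $!"
			} });
		}
	}

	return (0);
}

# Append one line to the tunnel-ls file; returns true on success, false (with
# $! set) otherwise.
sub _append_tunnel_ls
{
	my ($ls_path, $line) = @_;

	open(my $fh, '>>', $ls_path) or return 0;
	print {$fh} "$line\n" or return 0;

	# Buffered write errors surface at close, so its result is the verdict.
	return close($fh);
}

# Drop every line containing $needle (as a literal substring) from the
# tunnel-ls file. Like "sed -i", the new content is written to a temporary
# file beside the original and renamed over it, so readers never see a
# half-written list. Returns true on success, false (with $! set) otherwise.
sub _remove_tunnel_ls
{
	my ($ls_path, $needle) = @_;

	open(my $in, '<', $ls_path) or return 0;
	my @kept = grep { index($_, $needle) < 0 } <$in>;
	close($in);

	my $tmp_path = "$ls_path.$$.tmp";
	open(my $out, '>', $tmp_path) or return 0;

	# Preserve the original mode, since "sed -i" also did and other tools read this file.
	my $mode = (stat($ls_path))[2];
	chmod($mode & 07777, $tmp_path) if (defined $mode);

	my $written = print {$out} @kept;
	my $closed  = close($out);
	if ((not $written) || (not $closed) || (not rename($tmp_path, $ls_path)))
	{
		unlink($tmp_path);
		return 0;
	}

	return 1;
}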
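# Open (or attach to) the parent SSH connection and hand back its Net::OpenSSH
# handle, removed from Anvil's connection cache so nothing else reuses or
# closes it behind this script's back.
#
# Parameters (hashref):
#   ctl_path        - control socket path. With external_parent it must already
#                     exist; without, it must not (the new master creates it).
#   debug           - log level; defaults to 3.
#   external_parent - true to use an existing master instead of starting one.
#   port            - ssh port; defaults to 22; must be digits only.
#   target          - host to connect to; required unless external_parent, in
#                     which case it defaults to "0.0.0.0".
#   user            - remote user; defaults to "root".
#
# Returns (1) on any failure, (0, $ssh_fh) on success.
sub open_connection
{
	my $parameters      = shift;
	my $ctl_path        = $parameters->{ctl_path};
	my $debug           = $parameters->{debug} || 3;
	my $external_parent = $parameters->{external_parent} ? 1 : 0;
	my $port            = $parameters->{port} || 22;
	my $target          = $parameters->{target};
	my $user            = $parameters->{user} // "root";

	$anvil->Log->variables({ source => $THIS_FILE, line => __LINE__, level => $debug, list => $parameters, prefix => "open_connection" });

	# Same digits-only rule manage_tunnel applies to forwarded ports: the port
	# is embedded in the cache key and handed to ssh as-is.
	return (1) if (not is_int($port));

	if ($external_parent)
	{
		# Control socket path must exist if we want to use an
		# external parent connection.
		return (1) if ( (not defined $ctl_path) || (not -e $ctl_path) );

		$target //= "0.0.0.0";
	}
	else
	{
		return (1) if ( (not defined $target) || ($target eq "") );

		if (defined $ctl_path)
		{
			# Control socket path mustn't exist if we want to
			# establish a new parent connection with it.
			return (1) if ( ($ctl_path eq "") || (-e $ctl_path) );
		}
	}

	my ($output, $error, $rcode) = $anvil->Remote->call({
		# Start new connection; doesn't mean "don't cache the created connection".
		no_cache    => 1,
		ossh_opts   => [ ctl_path => $ctl_path, external_master => $external_parent ],
		port        => $port,
		remote_user => $user,
		shell_call  => "$echo 1",
		target      => $target,
	});

	$anvil->Log->variables({ source => $THIS_FILE, line => __LINE__, level => $debug, list => {
		error  => $error,
		output => $output,
		rcode  => $rcode,
	} });

	# $output can be undef when the call fails outright; compare a defined
	# value so a failed probe doesn't also emit an "uninitialized" warning.
	return (1) if ( $rcode || (($output // "") ne "1") );

	my $ssh_fh_key = build_ssh_fh_key($user, $target, $port);

	$anvil->Log->variables({ source => $THIS_FILE, line => __LINE__, level => $debug, list => { ssh_fh_key => $ssh_fh_key } });

	my $ssh_fh = $anvil->data->{cache}{ssh_fh}{$ssh_fh_key};

	return (1) if (not is_ssh_fh_defined($ssh_fh));

	# Take ownership of the handle: once it's out of the cache, only this
	# script's close_connection() will disconnect it.
	delete $anvil->data->{cache}{ssh_fh}{$ssh_fh_key};

	$anvil->Log->variables({ source => $THIS_FILE, line => __LINE__, level => $debug, list => {
		ctl_path => $ssh_fh->get_ctl_path(),
		pid      => $ssh_fh->get_master_pid(),
	} });

	return (0, $ssh_fh);
}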