authorShulhan <ms@kilabit.info>2023-12-17 15:36:14 +0700
committerShulhan <ms@kilabit.info>2023-12-17 18:43:01 +0700
commitb0375d78d6f1f5572e54f9427a55af0a6aaa12bc (patch)
tree624d418d07a9f62c862bfb3cb3fe4fbfe7092ae2 /ssh_client.go
parentcf8caf8844b51d71e39f5b454fc7c79a9bec3227 (diff)
downloadawwan-b0375d78d6f1f5572e54f9427a55af0a6aaa12bc.tar.xz
all: change the remote temporary directory to "~/.cache/awwan"
If the file to be copied contains sensitive data, putting it in "/tmp" is considered a security risk, even though it will be moved to its destination later. The issue is that when the "#put" command fails, the plain file is left in the "/tmp" directory. This change has the additional advantage that we do not need to remove the temporary directory on the remote when execution completes, since the temporary directory should be accessible by the user only. Implements: https://todo.sr.ht/~shulhan/awwan/8
Diffstat (limited to 'ssh_client.go')
-rw-r--r--ssh_client.go26
1 files changed, 16 insertions, 10 deletions
diff --git a/ssh_client.go b/ssh_client.go
index e47b47b..7b89491 100644
--- a/ssh_client.go
+++ b/ssh_client.go
@@ -4,12 +4,13 @@
package awwan
import (
+ "bytes"
"errors"
"fmt"
"io/fs"
"path/filepath"
+ "strings"
- "github.com/shuLhan/share/lib/ascii"
"github.com/shuLhan/share/lib/ssh"
"github.com/shuLhan/share/lib/ssh/config"
"github.com/shuLhan/share/lib/ssh/sftp"
@@ -29,13 +30,16 @@ type sshClient struct {
// dirTmp temporary directory for sudoGet or sudoPut operations.
dirTmp string
+
+ // dirHome define the remote user home directory.
+ dirHome string
}
// newSSHClient create new clients using the SSH config section.
//
// Once connection established, the client create new temporary directory on
// server at dirTmp for sudoGet or sudoPut operations.
-func newSSHClient(req *ExecRequest, section *config.Section, dirTmp string) (sshc *sshClient, err error) {
+func newSSHClient(req *ExecRequest, section *config.Section) (sshc *sshClient, err error) {
var logp = `newSSHClient`
req.mlog.Outf(`--- SSH connection: %s@%s:%s`,
@@ -45,7 +49,6 @@ func newSSHClient(req *ExecRequest, section *config.Section, dirTmp string) (ssh
sshc = &sshClient{
section: section,
- dirTmp: dirTmp,
}
sshc.conn, err = ssh.NewClientInteractive(section)
@@ -60,11 +63,16 @@ func newSSHClient(req *ExecRequest, section *config.Section, dirTmp string) (ssh
req.mlog.Errf(`%s: %s`, logp, err)
}
- if len(dirTmp) == 0 {
- var randomString = string(ascii.Random([]byte(ascii.LettersNumber), 16))
- sshc.dirTmp = filepath.Join(defTmpDir, defDirTmpPrefix+randomString)
+ // Get the remote user's home directory.
+ var stdout []byte
+ stdout, _, err = sshc.conn.Output(`pwd`)
+ if err != nil {
+ return nil, err
}
+ sshc.dirHome = string(bytes.TrimSpace(stdout))
+ sshc.dirTmp = strings.Replace(defTmpDirPlay, `~`, sshc.dirHome, 1)
+
err = sshc.mkdir(sshc.dirTmp, 0700)
if err != nil {
return nil, err
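Review bot: The output of `pwd` is taken as the home directory without any check, so an empty or relative result silently yields a wrong dirTmp; if defTmpDirPlay is "~/.cache/awwan" as the commit title suggests (its value is not visible here), an empty stdout would resolve to "/.cache/awwan". `pwd` also reports the session's working directory, which is normally but not necessarily the user's home. I would reject anything that is not an absolute path before building dirTmp, e.g. `if !strings.HasPrefix(sshc.dirHome, "/") { return nil, fmt.Errorf("%s: unexpected remote home %q", logp, sshc.dirHome) }`. newSSHClient's body starts and continues outside this hunk.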
@@ -99,8 +107,6 @@ func (sshc *sshClient) chown(remoteFile, owner string) (err error) {
// close the connections and release all resources.
func (sshc *sshClient) close() (err error) {
- err = sshc.rmdirAll(sshc.dirTmp)
-
var errClose error
if sshc.sftpc != nil {
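Review bot: With the rmdirAll call removed, nothing in the visible lines cleans up after a failed "#put", so a plaintext copy now stays in dirTmp across sessions rather than only until close; its confidentiality then rests entirely on the directory mode. The doc comment still says "release all resources" and should state that the remote directory is kept, e.g. `// close the connections; the remote dirTmp is kept and is not cleaned up here.` Whether the put paths delete their own temporary file on error cannot be seen from this hunk, and close's body continues outside it.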
@@ -134,14 +140,14 @@ func (sshc *sshClient) get(remote, local string) (err error) {
// mkdir create directory on the remote server.
func (sshc *sshClient) mkdir(dir string, permission uint32) (err error) {
if sshc.sftpc == nil {
- var mkdirStmt = fmt.Sprintf(`mkdir %s`, dir)
+ var mkdirStmt = fmt.Sprintf(`mkdir -p %s`, dir)
err = sshc.conn.Execute(mkdirStmt)
} else {
var fa = sftp.FileAttrs{}
fa.SetPermissions(permission)
- err = sshc.sftpc.Mkdir(dir, &fa)
+ err = sshc.sftpc.MkdirAll(dir, &fa)
}
return err
}
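Review bot: The 0700 mode that the commit message relies on is not guaranteed by this function: the shell branch ignores `permission` entirely, and `mkdir -p` (and MkdirAll, assuming it follows the usual semantics) leaves an already existing directory as it is, for example a ~/.cache/awwan created earlier under a looser umask. The shell branch also interpolates `dir` unquoted, and dir is now derived from the remote `pwd` output, so a home path containing spaces or shell metacharacters would be split or interpreted by the remote shell. I would pass the mode in the shell branch, as in `mkdir -p -m %o`, quote the path for the shell, and set or verify the mode of the final directory after creation in both branches.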