[#72940] linux-client: Support spawning reverse shell

lkedziora · lkedziora · commit eb2debd0c689 · 2025-05-20T15:00:08.000+02:00
Signed-off-by: Łukasz Kędziora &lt;lkedziora@antmicro.com&gt;
diff --git a/devices/linux-client/daemon/daemonize.go b/devices/linux-client/daemon/daemonize.go
@@ -43,6 +43,11 @@ func Daemonize(c *libcli.Context) error {
 		log.Errorln("Failed to setup action runner:", err)
 		return err
 	}
+	err = device.setupShellRunner()
+	if err != nil {
+		log.Errorln("Failed to setup shell runner:", err)
+		return err
+	}
 
 	channel := make(chan os.Signal)
 	signal.Notify(channel, syscall.SIGINT, syscall.SIGTERM)
diff --git a/devices/linux-client/daemon/device.go b/devices/linux-client/daemon/device.go
@@ -27,6 +27,7 @@ import (
 	"github.com/antmicro/rdfm/app"
 	"github.com/antmicro/rdfm/conf"
 	"github.com/antmicro/rdfm/serverws"
+	"github.com/antmicro/rdfm/shell"
 	"github.com/antmicro/rdfm/telemetry"
 
 	netUtils "github.com/antmicro/rdfm/daemon/net_utils"
@@ -48,6 +49,7 @@ type Device struct {
 	logManager          *telemetry.LogManager
 	conn                *serverws.DeviceManagementConnection
 	actionRunner        *actions.ActionRunner
+	shellRunner         *shell.ShellRunner
 }
 
 func (d *Device) handleRequest(msg []byte) (serverws.Request, error) {
@@ -107,8 +109,40 @@ func (d *Device) handleRequest(msg []byte) (serverws.Request, error) {
 			Actions: reqActions,
 		}
 		return response, nil
-	//case serverws.DeviceAttachToManager:
-	// TODO: Handle shell_attach
+	case serverws.DeviceAttachToManager:
+		tlsConf, err := d.getTlsConf()
+		if err != nil {
+			log.Warnln("Failed to get TLS configuration:", err)
+			return nil, nil
+		}
+
+		go func() {
+			token, err := d.getDeviceToken()
+			if err != nil {
+				log.Warnln("Failed to acquire device token:", err)
+				return
+			}
+
+			session, err := d.shellRunner.Spawn(r.Uuid)
+			if err != nil {
+				log.Warnln("Failed to spawn shell session:", err)
+				return
+			}
+			defer d.shellRunner.Terminate(session.Uuid())
+
+			conn := serverws.NewShellConnection(d.rdfmCtx.RdfmConfig.ServerURL, tlsConf)
+			err = conn.Connect(token, r.MacAddr, r.Uuid)
+			if err != nil {
+				log.Warnln("Failed to connect to shell WebSocket:", err)
+				return
+			}
+			defer conn.Close()
+
+			err = session.Run(conn)
+			log.Debugf("Shell session %s exited with err: %s", session.Uuid(), err)
+		}()
+
+		return nil, nil
 	default:
 		log.Warnf("Request '%s' is unsupported", requestName)
 		response := serverws.CantHandleRequest()
@@ -206,7 +240,7 @@ func (d *Device) setupConnection() error {
 	// config file instead, but we don't have any configuration options that
 	// determine whether action/shell should be enabled or not.
 	d.conn.SetCapability("action", true)
-	d.conn.SetCapability("shell", false)
+	d.conn.SetCapability("shell", true)
 	return nil
 }
 
@@ -219,6 +253,15 @@ func (d *Device) setupActionRunner() error {
 	return nil
 }
 
+func (d *Device) setupShellRunner() error {
+	sr, err := shell.NewShellRunner(1)
+	if err != nil {
+		return err
+	}
+	d.shellRunner = sr
+	return nil
+}
+
 func (d *Device) actionResultCallback(result actions.ActionResult, cancelCtx context.Context) bool {
 	res := serverws.ActionExecResult{
 		Method:      "action_exec_result",
diff --git a/devices/linux-client/serverws/requests.go b/devices/linux-client/serverws/requests.go
@@ -120,7 +120,9 @@ func Parse(r string) (Request, error) {
 		err = json.Unmarshal([]byte(r), &parsed)
 		return parsed, err
 	case "shell_attach":
-		// TODO: reverse shell support
+		var parsed DeviceAttachToManager
+		err = json.Unmarshal([]byte(r), &parsed)
+		return parsed, err
 	case "action_exec":
 		var parsed ActionExec
 		err = json.Unmarshal([]byte(r), &parsed)
