Fix channel hanging (#93)

Author: jeanp413

package.json

@@ -453,9 +453,9 @@
 		"@gitpod/public-api": "main-gha",
 		"@gitpod/supervisor-api-grpc": "main-gha",
 		"@improbable-eng/grpc-web-node-http-transport": "^0.14.0",
-		"@microsoft/dev-tunnels-ssh": "^3.11.8",
-		"@microsoft/dev-tunnels-ssh-keys": "^3.11.8",
-		"@microsoft/dev-tunnels-ssh-tcp": "^3.11.8",
+		"@microsoft/dev-tunnels-ssh": "^3.11.16",
+		"@microsoft/dev-tunnels-ssh-keys": "^3.11.16",
+		"@microsoft/dev-tunnels-ssh-tcp": "^3.11.16",
 		"@segment/analytics-node": "^1.0.0-beta.24",
 		"configcat-node": "^8.0.0",
 		"js-yaml": "^4.1.0",
@@ -476,4 +476,4 @@
 		"ws": "^8.13.0",
 		"yazl": "^2.5.1"
 	}
-}
+}

src/local-ssh/pipeSession.ts

@@ -0,0 +1,192 @@
+import { CancellationToken, PromiseCompletionSource, SessionRequestFailureMessage, SessionRequestMessage, SessionRequestSuccessMessage, SshChannel, SshChannelClosedEventArgs, SshChannelError, SshChannelOpeningEventArgs, SshMessage, SshRequestEventArgs, SshSession, SshSessionClosedEventArgs, SshTraceEventIds, TraceLevel } from "@microsoft/dev-tunnels-ssh";
+import { ChannelFailureMessage, ChannelMessage, ChannelOpenConfirmationMessage, ChannelOpenFailureMessage, ChannelRequestMessage, ChannelSuccessMessage, SshChannelOpenFailureReason } from "@microsoft/dev-tunnels-ssh/messages/connectionMessages";
+
+/**
+ * Extension methods for piping sessions and channels.
+ *
+ * Note this class is not exported from the package. Instead, the piping APIs are exposed via
+ * public methods on the `SshSession` and `SshChannel` classes. See those respective methods
+ * for API documentation.
+ */
+export class PipeExtensions {
+	public static async pipeSession(session: SshSession, toSession: SshSession): Promise<void> {
+		if (!session) throw new TypeError('Session is required.');
+		if (!toSession) throw new TypeError('Target session is required');
+
+		const endCompletion = new PromiseCompletionSource<Promise<void>>();
+
+		session.onRequest((e) => {
+			e.responsePromise = PipeExtensions.forwardSessionRequest(e, toSession, e.cancellation);
+		});
+		toSession.onRequest((e) => {
+			e.responsePromise = PipeExtensions.forwardSessionRequest(e, session, e.cancellation);
+		});
+
+		session.onChannelOpening((e) => {
+			if (e.isRemoteRequest) {
+				e.openingPromise = PipeExtensions.forwardChannel(e, toSession, e.cancellation);
+			}
+		});
+		toSession.onChannelOpening((e) => {
+			if (e.isRemoteRequest) {
+				e.openingPromise = PipeExtensions.forwardChannel(e, session, e.cancellation);
+			}
+		});
+
+		session.onClosed((e) => {
+			endCompletion.resolve(PipeExtensions.forwardSessionClose(toSession, e));
+		});
+		toSession.onClosed((e) => {
+			endCompletion.resolve(PipeExtensions.forwardSessionClose(session, e));
+		});
+
+		const endPromise = await endCompletion.promise;
+		await endPromise;
+	}
+
+	public static async pipeChannel(channel: SshChannel, toChannel: SshChannel): Promise<void> {
+		if (!channel) throw new TypeError('Channel is required.');
+		if (!toChannel) throw new TypeError('Target channel is required');
+
+		const endCompletion = new PromiseCompletionSource<Promise<void>>();
+		let closed = false;
+
+		channel.onRequest((e) => {
+			e.responsePromise = PipeExtensions.forwardChannelRequest(e, toChannel, e.cancellation);
+		});
+		toChannel.onRequest((e) => {
+			e.responsePromise = PipeExtensions.forwardChannelRequest(e, channel, e.cancellation);
+		});
+
+		channel.onDataReceived((data) => {
+			void PipeExtensions.forwardData(channel, toChannel, data).catch();
+		});
+		toChannel.onDataReceived((data) => {
+			void PipeExtensions.forwardData(toChannel, channel, data).catch();
+		});
+
+		channel.onEof(() => {
+			void PipeExtensions.forwardData(channel, toChannel, Buffer.alloc(0)).catch();
+		});
+		toChannel.onEof(() => {
+			void PipeExtensions.forwardData(toChannel, channel, Buffer.alloc(0)).catch();
+		});
+
+		channel.onClosed((e) => {
+			if (!closed) {
+				closed = true;
+				endCompletion.resolve(PipeExtensions.forwardChannelClose(channel, toChannel, e));
+			}
+		});
+		toChannel.onClosed((e) => {
+			if (!closed) {
+				closed = true;
+				endCompletion.resolve(PipeExtensions.forwardChannelClose(toChannel, channel, e));
+			}
+		});
+
+		const endTask = await endCompletion.promise;
+		await endTask;
+	}
+
+	private static async forwardSessionRequest(
+		e: SshRequestEventArgs<SessionRequestMessage>,
+		toSession: SshSession,
+		cancellation?: CancellationToken,
+	): Promise<SshMessage> {
+		// `SshSession.requestResponse()` always set `wantReply` to `true` internally and waits for a
+		// response, but since the message buffer is cached the updated `wantReply` value is not sent.
+		// Anyway, it's better to forward a no-reply message as another no-reply message, using
+		// `SshSession.request()` instead.
+		if (!e.request.wantReply) {
+			return toSession
+				.request(e.request, cancellation)
+				.then(() => new SessionRequestSuccessMessage());
+		}
+		return toSession.requestResponse(
+			e.request,
+			SessionRequestSuccessMessage,
+			SessionRequestFailureMessage,
+			cancellation,
+		);
+	}
+
+	private static async forwardChannel(
+		e: SshChannelOpeningEventArgs,
+		toSession: SshSession,
+		cancellation?: CancellationToken,
+	): Promise<ChannelMessage> {
+		try {
+			const toChannel = await toSession.openChannel(e.request, null, cancellation);
+			void PipeExtensions.pipeChannel(e.channel, toChannel).catch();
+			return new ChannelOpenConfirmationMessage();
+		} catch (err) {
+			if (!(err instanceof Error)) throw err;
+
+			const failureMessage = new ChannelOpenFailureMessage();
+			if (err instanceof SshChannelError) {
+				failureMessage.reasonCode = err.reason ?? SshChannelOpenFailureReason.connectFailed;
+			} else {
+				failureMessage.reasonCode = SshChannelOpenFailureReason.connectFailed;
+			}
+
+			failureMessage.description = err.message;
+			return failureMessage;
+		}
+	}
+
+	private static async forwardChannelRequest(
+		e: SshRequestEventArgs<ChannelRequestMessage>,
+		toChannel: SshChannel,
+		cancellation?: CancellationToken,
+	): Promise<SshMessage> {
+		e.request.recipientChannel = toChannel.remoteChannelId;
+		const result = await toChannel.request(e.request, cancellation);
+		return result ? new ChannelSuccessMessage() : new ChannelFailureMessage();
+	}
+
+	private static async forwardSessionClose(
+		session: SshSession,
+		e: SshSessionClosedEventArgs,
+	): Promise<void> {
+		return session.close(e.reason, e.message, e.error ?? undefined);
+	}
+
+	private static async forwardData(
+		channel: SshChannel,
+		toChannel: SshChannel,
+		data: Buffer,
+	): Promise<void> {
+		// Make a copy of the buffer before sending because SshChannel.send() is an async operation
+		// (it may need to wait for the window to open), while the buffer will be re-used for the
+		// next message as sson as this task yields.
+		const buffer = Buffer.alloc(data.length);
+		data.copy(buffer);
+		const promise = toChannel.send(buffer, CancellationToken.None);
+		channel.adjustWindow(buffer.length);
+		return promise;
+	}
+
+	private static async forwardChannelClose(
+		fromChannel: SshChannel,
+		toChannel: SshChannel,
+		e: SshChannelClosedEventArgs,
+	): Promise<void> {
+		const message =
+			`Piping channel closure.\n` +
+			`Source: ${fromChannel.session} ${fromChannel}\n` +
+			`Destination: ${toChannel.session} ${toChannel}\n`;
+		toChannel.session.trace(TraceLevel.Verbose, SshTraceEventIds.channelClosed, message);
+
+		if (e.error) {
+			toChannel.close(e.error as any);
+			return Promise.resolve();
+		} else if (e.exitSignal) {
+			return toChannel.close(e.exitSignal, e.errorMessage);
+		} else if (typeof e.exitStatus === 'number') {
+			return toChannel.close(e.exitStatus);
+		} else {
+			return toChannel.close();
+		}
+	}
+}

src/local-ssh/proxy.ts

@@ -82,6 +82,7 @@ import * as stream from 'stream';
 import { ILogService } from '../services/logService';
 import { ITelemetryService, UserFlowTelemetryProperties } from '../common/telemetry';
 import { LocalSSHMetricsReporter } from '../services/localSSHMetrics';
+import { PipeExtensions } from './pipeSession';
 
 // This public key is safe to be public since we only use it to verify local-ssh connections.
 const HOST_KEY = 'LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JR0hBZ0VBTUJNR0J5cUdTTTQ5QWdFR0NDcUdTTTQ5QXdFSEJHMHdhd0lCQVFRZ1QwcXg1eEJUVmc4TUVJbUUKZmN4RXRZN1dmQVVsM0JYQURBK2JYREsyaDZlaFJBTkNBQVJlQXo0RDVVZXpqZ0l1SXVOWXpVL3BCWDdlOXoxeApvZUN6UklqcGdCUHozS0dWRzZLYXV5TU5YUm95a21YSS9BNFpWaW9nd2Vjb0FUUjRUQ2FtWm1ScAotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg==';
@@ -190,7 +191,7 @@ class WebSocketSSHProxy {
             e.authenticationPromise = this.authenticateClient(e.username ?? '')
                 .then(async pipeSession => {
                     this.sendUserStatusFlow('connected');
-                    pipePromise = session.pipe(pipeSession);
+                    pipePromise = PipeExtensions.pipeSession(session, pipeSession);
                     return {};
                 }).catch(async err => {
                     this.logService.error('failed to authenticate proxy with username: ' + e.username ?? '', err);

yarn.lock

@@ -246,24 +246,24 @@
     semver "^7.3.5"
     tar "^6.1.11"
 
-"@microsoft/dev-tunnels-ssh-keys@^3.11.8":
-  version "3.11.8"
-  resolved "https://registry.yarnpkg.com/@microsoft/dev-tunnels-ssh-keys/-/dev-tunnels-ssh-keys-3.11.8.tgz#4d70ff5999e1f247f628c24e345090bbb34b819f"
-  integrity sha512-ijYyKnE0osRS9olUJWuGumXO3Efjp97eXq/MVH4GNs9HZ4ACjLGs+gECXZKFM4Q6g2EfINXLla7HyK+FKeMUBA==
+"@microsoft/dev-tunnels-ssh-keys@^3.11.16":
+  version "3.11.16"
+  resolved "https://registry.yarnpkg.com/@microsoft/dev-tunnels-ssh-keys/-/dev-tunnels-ssh-keys-3.11.16.tgz#ba8197d6264ef2d33790c3c59cef794e2717a050"
+  integrity sha512-GaPKaewjnpCyLv3947FOjJluakVkAKVNh6+vDDGAG+ZWFPhYAgcEiOHTZOfJlmoUhYXFpCrQ5z8fiTDw5mW3Mw==
   dependencies:
     "@microsoft/dev-tunnels-ssh" "~3.11"
 
-"@microsoft/dev-tunnels-ssh-tcp@^3.11.8":
-  version "3.11.8"
-  resolved "https://registry.yarnpkg.com/@microsoft/dev-tunnels-ssh-tcp/-/dev-tunnels-ssh-tcp-3.11.8.tgz#e56865d352a58ae157e3bed91cb03c121c78a42d"
-  integrity sha512-ERTR4pPd4fLZjHziStT0V1D/9QC4+mkfax3eTj42fBgVZks9pQIoGy67o8vJGCnaF1/V56z5KIctIriN/wG+gQ==
+"@microsoft/dev-tunnels-ssh-tcp@^3.11.16":
+  version "3.11.16"
+  resolved "https://registry.yarnpkg.com/@microsoft/dev-tunnels-ssh-tcp/-/dev-tunnels-ssh-tcp-3.11.16.tgz#ea4f96686362913d2466d846502c50b321e04881"
+  integrity sha512-12D5sVDkI6kjoSUfBswsPYPuPJLbMoTAC+K8g+j4Yf9DeabbhR/wkdYyboIGPt2Tpb0SkAwVnuZLpPffAq4N/g==
   dependencies:
     "@microsoft/dev-tunnels-ssh" "~3.11"
 
-"@microsoft/dev-tunnels-ssh@^3.11.8", "@microsoft/dev-tunnels-ssh@~3.11":
-  version "3.11.8"
-  resolved "https://registry.yarnpkg.com/@microsoft/dev-tunnels-ssh/-/dev-tunnels-ssh-3.11.8.tgz#2a0e25bca006f1f097a2df63cdf4684d28d1ddca"
-  integrity sha512-71GmOBXy7JjDpL6tkVW4XI1+G4s7SdvMRvYPaXK1MBhBKm8sGLXqBb2xoOpjbY9/Y/gUzADEuwB7OyGlEAyWYw==
+"@microsoft/dev-tunnels-ssh@^3.11.16", "@microsoft/dev-tunnels-ssh@~3.11":
+  version "3.11.16"
+  resolved "https://registry.yarnpkg.com/@microsoft/dev-tunnels-ssh/-/dev-tunnels-ssh-3.11.16.tgz#53e15306181801ffee87f1bb6440beb346d5255e"
+  integrity sha512-OUvAhudpOS9Ms1C2Y3WkUpCRBsNvZJl6IQE04Ud9ZGg/VaF04QJQFWeXt3pYryJJtv3zy1V2aH9JnzMMvBjXfA==
   dependencies:
     buffer "^5.2.1"
     debug "^4.1.1"