ssh: convert to pan, misc fixes and cleanup

- update pty dependency (old version is broken for go >= 1.15)
- redo the path policy and selector configuration, now based on pan.
  Make more useful selectors available.
  Drop related helper packages, merge ssh/sssh into ssh/client/ssh (the
  package organization here is still rather wacky).
- Now uses quicutils.SingleStream, making this incompatible with
  previous versions.
- when executing a command, don't set Uid/Gid if the selected user
  is already the current user. Only appears to work when sshd is run
  with root otherwise.
- misc fixes and cleanup related to logging and error handling
- clean up import order

Replace the custom

Author: matzf

go.mod

@@ -4,10 +4,10 @@ go 1.16
 
 require (
 	github.com/bclicn/color v0.0.0-20180711051946-108f2023dc84
+	github.com/creack/pty v1.1.17
 	github.com/gorilla/handlers v1.5.1
 	github.com/inconshreveable/log15 v0.0.0-20180818164646-67afb5ed74ec
 	github.com/kormat/fmt15 v0.0.0-20181112140556-ee69fecb2656
-	github.com/kr/pty v1.1.8
 	github.com/lucas-clemente/quic-go v0.23.0
 	github.com/mattn/go-sqlite3 v1.14.4
 	github.com/msteinert/pam v0.0.0-20190215180659-f29b9f28d6f9

go.sum

@@ -132,8 +132,9 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
-github.com/creack/pty v1.1.9 h1:uDmaGzcdjhF4i/plgjmEsriH11Y0o7RKapEf/LDaM3w=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI=
+github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -394,8 +395,6 @@ github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA=
-github.com/kr/pty v1.1.8 h1:AkaSdXYQOWeaO3neb8EM634ahkXXe3jYbVh/F9lq+GI=
-github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=

ssh/client/clientconfig/clientconfig_test.go

@@ -19,8 +19,9 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/netsec-ethz/scion-apps/ssh/config"
 	. "github.com/smartystreets/goconvey/convey"
+
+	"github.com/netsec-ethz/scion-apps/ssh/config"
 )
 
 func TestDefaultConfig(t *testing.T) {

ssh/client/main.go

@@ -15,9 +15,8 @@
 package main
 
 import (
-	"encoding/json"
+	"context"
 	"fmt"
-	"io/ioutil"
 	golog "log"
 	"net"
 	"os"
@@ -28,13 +27,12 @@ import (
 	log "github.com/inconshreveable/log15"
 	"golang.org/x/term"
 	"gopkg.in/alecthomas/kingpin.v2"
+	"inet.af/netaddr"
 
-	"github.com/scionproto/scion/go/lib/pathpol"
-
+	"github.com/netsec-ethz/scion-apps/pkg/pan"
 	"github.com/netsec-ethz/scion-apps/ssh/client/clientconfig"
 	"github.com/netsec-ethz/scion-apps/ssh/client/ssh"
 	"github.com/netsec-ethz/scion-apps/ssh/config"
-	"github.com/netsec-ethz/scion-apps/ssh/scionutils"
 	"github.com/netsec-ethz/scion-apps/ssh/utils"
 )
 
@@ -46,9 +44,12 @@ var (
 	localForward  = kingpin.Flag("local-forward", "Forward remote address connections to listening port. Format: listening_port:remote_address").Short('L').String()
 	options       = kingpin.Flag("option", "Set an option").Short('o').Strings()
 	configFiles   = kingpin.Flag("config", "Configuration files").Short('c').Default("/etc/ssh/ssh_config", "~/.ssh/config").Strings()
-	policyFile    = kingpin.Flag("policy-file", "Path to the JSON policy file").Default("").String()
-	policyName    = kingpin.Flag("policy-name", "Name of policy to be applied.").Default("").String()
-	pathSelection = kingpin.Flag("selection", "Path selection mode").Default("arbitrary").Enum("static", "arbitrary", "random", "round-robin")
+	interactive   = kingpin.Flag("interactive", "Prompt user for interactive path selection").Bool()
+	sequence      = kingpin.Flag("sequence", "Sequence of space separated hop predicates to specify path").Default("").String()
+	preference    = kingpin.Flag("preference", "Preference sorting order for paths. "+
+		"Comma-separated list of available sorting options: "+
+		strings.Join(pan.AvailablePreferencePolicies, "|")).Default("").String()
+	pathSelector = kingpin.Flag("selector", "Path selection mode").Default("default").Enum(ssh.AvailablePathSelectors...)
 
 	// TODO: additional file paths
 	knownHostsFile = kingpin.Flag("known-hosts", "File where known hosts are stored").ExistingFile()
@@ -145,37 +146,20 @@ func main() {
 	if remoteUsername == "" {
 		remoteUsername = localUser.Username
 	}
-	var policyMap pathpol.PolicyMap
-	var policy *pathpol.Policy
-	if *policyFile != "" {
-		file, err := ioutil.ReadFile(*policyFile)
-		if err != nil {
-			golog.Panicf("Cannot read policy file: %v", err)
-		}
-		err = json.Unmarshal(file, &policyMap)
-		if err != nil {
-			golog.Panicf("Cannot unmarshal policy form file: %v", err)
-		}
-		extPolicy, policyExists := policyMap[*policyName]
-
-		if !policyExists {
-			golog.Panicf("No policy with name %s exists", *policyName)
-		}
-		policy = extPolicy.Policy
-	}
-	appConf, err := scionutils.NewPathAppConf(policy, *pathSelection)
+	sshClient, err := ssh.Create(remoteUsername, conf, PromptPassword, verifyNewKeyHandler)
 	if err != nil {
-		golog.Panicf("Invalid application config: %v", err)
+		golog.Panicf("Error creating ssh client: %v", err)
 	}
 
-	sshClient, err := ssh.Create(remoteUsername, conf, PromptPassword, verifyNewKeyHandler, appConf)
+	policy, err := pan.PolicyFromCommandline(*sequence, *preference, *interactive)
 	if err != nil {
-		golog.Panicf("Error creating ssh client: %v", err)
+		golog.Fatal(err)
 	}
 
 	serverAddress := fmt.Sprintf("%s:%v", conf.HostAddress, conf.Port)
 
-	err = sshClient.Connect(serverAddress)
+	ctx := context.Background()
+	err = sshClient.Connect(ctx, serverAddress, policy, *pathSelector)
 	if err != nil {
 		golog.Panicf("Error connecting: %v", err)
 	}
@@ -189,7 +173,8 @@ func main() {
 			golog.Panicf("Error parsing forwarding port: %v", err)
 		}
 
-		err = sshClient.StartTunnel(uint16(port), localForward[1])
+		local := netaddr.IPPortFrom(netaddr.IP{}, uint16(port))
+		err = sshClient.StartTunnel(local, localForward[1])
 		if err != nil {
 			golog.Panicf("Error starting tunnel: %v", err)
 		}
@@ -204,7 +189,7 @@ func main() {
 			golog.Panicf("Error starting shell: %v", err)
 		}
 	} else {
-		log.Debug("Running command: %s", runCommand)
+		log.Debug("Running command", "cmd", runCommand)
 
 		err = sshClient.ConnectPipes(os.Stdin, os.Stdout)
 		if err != nil {

ssh/client/ssh/knownhosts/knownhosts.go

@@ -29,7 +29,7 @@ import (
 
 	"golang.org/x/crypto/ssh"
 
-	"github.com/netsec-ethz/scion-apps/pkg/appnet"
+	"github.com/netsec-ethz/scion-apps/pkg/pan"
 )
 
 // See the sshd manpage
@@ -151,7 +151,7 @@ func keyEq(a, b ssh.PublicKey) bool {
 
 // IsAuthorityForHost can be used as a callback in ssh.CertChecker
 func (db *hostKeyDB) IsHostAuthority(remote ssh.PublicKey, address string) bool {
-	h, p, err := appnet.SplitHostPort(address)
+	h, p, err := pan.SplitHostPort(address)
 	if err != nil {
 		return false
 	}
@@ -272,7 +272,7 @@ func newHostnameMatcher(pattern string) (matcher, error) {
 		}
 
 		var err error
-		a.host, a.port, err = appnet.SplitHostPort(p)
+		a.host, a.port, err = pan.SplitHostPort(p)
 		if err != nil {
 			a.host = p
 			a.port = "22"
@@ -331,7 +331,7 @@ func (db *hostKeyDB) check(address string, remote net.Addr, remoteKey ssh.Public
 		return &RevokedError{Revoked: *revoked}
 	}
 
-	host, port, err := appnet.SplitHostPort(remote.String())
+	host, port, err := pan.SplitHostPort(remote.String())
 	if err != nil {
 		return fmt.Errorf("knownhosts: SplitHostPort(%s): %v", remote, err)
 	}
@@ -341,7 +341,7 @@ func (db *hostKeyDB) check(address string, remote net.Addr, remoteKey ssh.Public
 	}
 
 	if address != "" {
-		host, port, err := appnet.SplitHostPort(address)
+		host, port, err := pan.SplitHostPort(address)
 		if err != nil {
 			return fmt.Errorf("knownhosts: SplitHostPort(%s): %v", address, err)
 		}
@@ -435,7 +435,7 @@ func New(files ...string) (ssh.HostKeyCallback, error) {
 
 // Normalize normalizes an address into the form used in known_hosts
 func Normalize(address string) string {
-	host, port, err := appnet.SplitHostPort(address)
+	host, port, err := pan.SplitHostPort(address)
 	if err != nil {
 		host = address
 		port = "22"

ssh/client/ssh/scion.go

@@ -0,0 +1,83 @@
+// Copyright 2020 ETH Zurich
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ssh
+
+import (
+	"context"
+	"crypto/tls"
+
+	"github.com/lucas-clemente/quic-go"
+	"golang.org/x/crypto/ssh"
+	"inet.af/netaddr"
+
+	"github.com/netsec-ethz/scion-apps/pkg/pan"
+	"github.com/netsec-ethz/scion-apps/pkg/quicutil"
+)
+
+// dialSCION starts a client connection to the given SSH server over SCION using QUIC.
+func dialSCION(ctx context.Context,
+	addr string,
+	policy pan.Policy,
+	selector string,
+	config *ssh.ClientConfig) (*ssh.Client, error) {
+
+	remote, err := pan.ResolveUDPAddr(addr)
+	if err != nil {
+		return nil, err
+	}
+	sel, err := selectorByName(selector)
+	if err != nil {
+		return nil, err
+	}
+	tlsConf := &tls.Config{
+		NextProtos:         []string{quicutil.SingleStreamProto},
+		InsecureSkipVerify: true,
+	}
+	quicConf := &quic.Config{
+		KeepAlive: true,
+	}
+	sess, err := pan.DialQUIC(ctx, netaddr.IPPort{}, remote, policy, sel, "", tlsConf, quicConf)
+	if err != nil {
+		return nil, err
+	}
+	stream, err := quicutil.NewSingleStream(sess)
+	if err != nil {
+		return nil, err
+	}
+	conn, nc, rc, err := ssh.NewClientConn(stream, addr, config)
+	if err != nil {
+		return nil, err
+	}
+	return ssh.NewClient(conn, nc, rc), nil
+}
+
+// tunnelDialSCION creates a tunnel using the given SSH client.
+func tunnelDialSCION(client *ssh.Client, addr string) (ssh.Channel, error) {
+	openChannelData := directSCIONData{
+		addr: addr,
+	}
+
+	c, requests, err := client.OpenChannel("direct-scionquic", ssh.Marshal(&openChannelData))
+	if err != nil {
+		return nil, err
+	}
+
+	go ssh.DiscardRequests(requests)
+	return c, nil
+}
+
+type directSCIONData struct {
+	addr string
+}