2012-08-31 15:17:12 -04:00
{- git-annex assistant webapp configurator for ssh-based remotes
- Copyright 2012 Joey Hess <joey@kitenet.net>
2012-09-24 14:48:47 -04:00
- Licensed under the GNU AGPL version 3 or higher.
2012-08-31 15:17:12 -04:00
{-# LANGUAGE TypeFamilies, QuasiQuotes, MultiParamTypeClasses, TemplateHaskell, OverloadedStrings, RankNTypes #-}
module Assistant.WebApp.Configurators.Ssh where
import Assistant.Common
2012-09-10 15:20:18 -04:00
import Assistant.Ssh
2012-09-10 21:55:59 -04:00
import Assistant.MakeRemote
2012-08-31 15:17:12 -04:00
import Assistant.WebApp
2012-09-02 00:27:48 -04:00
import Assistant.WebApp.Types
2012-08-31 15:17:12 -04:00
import Assistant.WebApp.SideBar
import Utility.Yesod
2012-09-19 14:28:32 -04:00
import Utility.Rsync (rsyncUrlIsShell)
2012-09-13 16:47:44 -04:00
import Logs.Remote
import Remote
2012-10-10 15:35:10 -04:00
import Logs.PreferredContent
2012-10-10 16:04:28 -04:00
import Types.StandardGroups
2012-08-31 15:17:12 -04:00
import Yesod
import Data.Text (Text)
import qualified Data.Text as T
2012-09-13 16:47:44 -04:00
import qualified Data.Map as M
2012-09-29 12:49:23 -04:00
import Network.Socket
2012-08-31 18:59:57 -04:00
import System.Posix.User
2012-08-31 15:17:12 -04:00
2012-09-02 15:21:40 -04:00
sshConfigurator :: Widget -> Handler RepHtml
sshConfigurator a = bootstrap (Just Config) $ do
setTitle "Add a remote server"
2012-09-13 16:47:44 -04:00
data SshInput = SshInput
2012-08-31 18:59:57 -04:00
{ hostname :: Maybe Text
, username :: Maybe Text
, directory :: Maybe Text
2012-09-02 00:27:48 -04:00
deriving (Show)
2012-09-01 21:10:40 -04:00
2012-09-13 16:47:44 -04:00
{- SshInput is only used for applicative form prompting, this converts
2012-09-04 15:27:06 -04:00
- the result of such a form into a SshData. -}
2012-09-13 16:47:44 -04:00
mkSshData :: SshInput -> SshData
mkSshData s = SshData
{ sshHostName = fromMaybe "" $ hostname s
, sshUserName = username s
, sshDirectory = fromMaybe "" $ directory s
2012-09-10 17:53:51 -04:00
, sshRepoName = genSshRepoName
2012-09-13 16:47:44 -04:00
(T.unpack $ fromJust $ hostname s)
(maybe "" T.unpack $ directory s)
2012-09-04 15:27:06 -04:00
, needsPubKey = False
, rsyncOnly = False
2012-09-13 16:47:44 -04:00
sshInputAForm :: SshInput -> AForm WebApp WebApp SshInput
sshInputAForm def = SshInput
<$> aopt check_hostname "Host name" (Just $ hostname def)
<*> aopt check_username "User name" (Just $ username def)
<*> aopt textField "Directory" (Just $ Just $ fromMaybe (T.pack gitAnnexAssistantDefaultDir) $ directory def)
2012-08-31 18:59:57 -04:00
check_hostname = checkM (liftIO . checkdns) textField
checkdns t = do
let h = T.unpack t
2012-09-29 12:49:23 -04:00
r <- catchMaybeIO $ getAddrInfo canonname (Just h) Nothing
2012-09-29 16:22:53 -04:00
return $ case catMaybes . map addrCanonName <$> r of
2012-08-31 18:59:57 -04:00
-- canonicalize input hostname if it had no dot
2012-09-29 16:22:53 -04:00
Just (fullname:_)
2012-08-31 18:59:57 -04:00
| '.' `elem` h -> Right t
2012-09-29 12:49:23 -04:00
| otherwise -> Right $ T.pack fullname
2012-09-29 16:22:53 -04:00
Just [] -> Right t
2012-08-31 18:59:57 -04:00
Nothing -> Left bad_hostname
2012-09-29 16:22:53 -04:00
canonname = Just $ defaultHints { addrFlags = [AI_CANONNAME] }
2012-08-31 18:59:57 -04:00
check_username = checkBool (all (`notElem` "/:@ \t") . T.unpack)
bad_username textField
bad_hostname = "cannot resolve host name" :: Text
bad_username = "bad user name" :: Text
data ServerStatus
= UntestedServer
| UnusableServer Text -- reason why it's not usable
| UsableRsyncServer
2012-09-13 16:47:44 -04:00
| UsableSshInput
2012-09-02 00:27:48 -04:00
deriving (Eq)
2012-08-31 18:59:57 -04:00
2012-09-01 20:37:35 -04:00
usable :: ServerStatus -> Bool
usable UntestedServer = False
usable (UnusableServer _) = False
usable UsableRsyncServer = True
2012-09-13 16:47:44 -04:00
usable UsableSshInput = True
2012-08-31 18:59:57 -04:00
getAddSshR :: Handler RepHtml
2012-09-02 15:21:40 -04:00
getAddSshR = sshConfigurator $ do
2012-08-31 18:59:57 -04:00
u <- liftIO $ T.pack . userName
<$> (getUserEntryForID =<< getEffectiveUserID)
((result, form), enctype) <- lift $
2012-09-13 16:47:44 -04:00
runFormGet $ renderBootstrap $ sshInputAForm $
SshInput Nothing (Just u) Nothing
2012-08-31 18:59:57 -04:00
case result of
2012-09-13 16:47:44 -04:00
FormSuccess sshinput -> do
s <- liftIO $ testServer sshinput
case s of
Left status -> showform form enctype status
Right sshdata -> lift $ redirect $ ConfirmSshR sshdata
2012-08-31 18:59:57 -04:00
_ -> showform form enctype UntestedServer
showform form enctype status = do
let authtoken = webAppFormAuthToken
2012-09-08 23:32:08 -04:00
$(widgetFile "configurators/ssh/add")
2012-08-31 18:59:57 -04:00
2012-09-13 16:47:44 -04:00
{- To enable an existing rsync special remote, parse the SshInput from
- its rsyncurl, and display a form whose only real purpose is to check
- if ssh public keys need to be set up. From there, we can proceed with
- the usual repo setup; all that code is idempotent.
- Note that there's no EnableSshR because ssh remotes are not special
- remotes, and so their configuration is not shared between repositories.
getEnableRsyncR :: UUID -> Handler RepHtml
getEnableRsyncR u = do
m <- runAnnex M.empty readRemoteLog
case parseSshRsyncUrl =<< M.lookup "rsyncurl" =<< M.lookup u m of
Nothing -> redirect AddSshR
Just sshinput -> sshConfigurator $ do
((result, form), enctype) <- lift $
runFormGet $ renderBootstrap $ sshInputAForm sshinput
case result of
FormSuccess sshinput'
| isRsyncNet (hostname sshinput') ->
2012-10-09 14:24:17 -04:00
void $ lift $ makeRsyncNet sshinput' (const noop)
2012-09-13 16:47:44 -04:00
| otherwise -> do
s <- liftIO $ testServer sshinput'
case s of
Left status -> showform form enctype status
Right sshdata -> enable sshdata
_ -> showform form enctype UntestedServer
showform form enctype status = do
description <- lift $ runAnnex "" $
T.pack . concat <$> prettyListUUIDs [u]
let authtoken = webAppFormAuthToken
$(widgetFile "configurators/ssh/enable")
enable sshdata =
lift $ redirect $ ConfirmSshR $
sshdata { rsyncOnly = True }
{- Converts a rsyncurl value to a SshInput. But only if it's a ssh rsync
- url; rsync:// urls or bare path names are not supported.
- The hostname is stored mangled in the remote log for rsync special
- remotes configured by this webapp. So that mangling has to reversed
- here to get back the original hostname.
parseSshRsyncUrl :: String -> Maybe SshInput
parseSshRsyncUrl u
| not (rsyncUrlIsShell u) = Nothing
| otherwise = Just $ SshInput
{ hostname = val $ unMangleSshHostName host
, username = if null user then Nothing else val user
, directory = val dir
val = Just . T.pack
(userhost, dir) = separate (== ':') u
(user, host) = if '@' `elem` userhost
then separate (== '@') userhost
else (userhost, "")
2012-09-01 20:37:35 -04:00
{- Test if we can ssh into the server.
- Two probe attempts are made. First, try sshing in using the existing
2012-09-01 21:10:40 -04:00
- configuration, but don't let ssh prompt for any password. If
2012-09-01 20:37:35 -04:00
- passwordless login is already enabled, use it. Otherwise,
2012-09-02 20:43:32 -04:00
- a special ssh key will need to be generated just for this server.
2012-09-01 20:37:35 -04:00
2012-09-01 21:10:40 -04:00
- Once logged into the server, probe to see if git-annex-shell is
2012-09-26 18:59:18 -04:00
- available, or rsync. Note that on OSX, ~/.ssh/git-annex-shell may be
- present, while git-annex-shell is not in PATH.
2012-09-01 20:37:35 -04:00
2012-09-13 16:47:44 -04:00
testServer :: SshInput -> IO (Either ServerStatus SshData)
testServer (SshInput { hostname = Nothing }) = return $
Left $ UnusableServer "Please enter a host name."
testServer sshinput@(SshInput { hostname = Just hn }) = do
2012-09-04 15:27:06 -04:00
status <- probe [sshOpt "NumberOfPasswordPrompts" "0"]
2012-09-01 20:37:35 -04:00
if usable status
2012-09-13 16:47:44 -04:00
then ret status False
2012-09-01 20:37:35 -04:00
else do
2012-09-04 15:27:06 -04:00
status' <- probe []
2012-09-13 16:47:44 -04:00
if usable status'
then ret status' True
else return $ Left status'
2012-09-01 20:37:35 -04:00
2012-09-13 16:47:44 -04:00
ret status needspubkey = return $ Right $
(mkSshData sshinput)
{ needsPubKey = needspubkey
, rsyncOnly = status == UsableRsyncServer
2012-09-04 15:27:06 -04:00
probe extraopts = do
2012-09-13 00:57:52 -04:00
let remotecommand = join ";"
2012-09-01 20:37:35 -04:00
[ report "loggedin"
, checkcommand "git-annex-shell"
, checkcommand "rsync"
2012-09-26 18:59:18 -04:00
, checkcommand osx_shim
2012-09-01 20:37:35 -04:00
2012-09-10 21:55:59 -04:00
knownhost <- knownHost hn
2012-09-04 15:27:06 -04:00
let sshopts = filter (not . null) $ extraopts ++
2012-09-01 20:37:35 -04:00
{- If this is an already known host, let
- ssh check it as usual.
- Otherwise, trust the host key. -}
2012-09-04 15:27:06 -04:00
[ if knownhost then "" else sshOpt "StrictHostKeyChecking" "no"
2012-09-01 20:37:35 -04:00
, "-n" -- don't read from stdin
2012-09-13 16:47:44 -04:00
, genSshHost (fromJust $ hostname sshinput) (username sshinput)
2012-09-01 20:37:35 -04:00
, remotecommand
2012-09-04 15:27:06 -04:00
parsetranscript . fst <$> sshTranscript sshopts ""
2012-09-01 20:37:35 -04:00
parsetranscript s
2012-09-13 16:47:44 -04:00
| reported "git-annex-shell" = UsableSshInput
2012-09-26 18:59:18 -04:00
| reported osx_shim = UsableSshInput
2012-09-01 20:37:35 -04:00
| reported "rsync" = UsableRsyncServer
| reported "loggedin" = UnusableServer
"Neither rsync nor git-annex are installed on the server. Perhaps you should go install them?"
| otherwise = UnusableServer $ T.pack $
"Failed to ssh to the server. Transcript: " ++ s
reported r = token r `isInfixOf` s
checkcommand c = "if which " ++ c ++ "; then " ++ report c ++ "; fi"
token r = "git-annex-probe " ++ r
report r = "echo " ++ token r
2012-09-26 18:59:18 -04:00
osx_shim = "~/.ssh/git-annex-shell"
2012-09-04 15:27:06 -04:00
{- Runs a ssh command; if it fails shows the user the transcript,
- and if it succeeds, runs an action. -}
sshSetup :: [String] -> String -> Handler RepHtml -> Handler RepHtml
sshSetup opts input a = do
(transcript, ok) <- liftIO $ sshTranscript opts input
if ok
then a
else showSshErr transcript
showSshErr :: String -> Handler RepHtml
showSshErr msg = sshConfigurator $
2012-09-08 23:32:08 -04:00
$(widgetFile "configurators/ssh/error")
2012-09-04 15:27:06 -04:00
2012-09-02 00:27:48 -04:00
getConfirmSshR :: SshData -> Handler RepHtml
2012-09-02 15:21:40 -04:00
getConfirmSshR sshdata = sshConfigurator $ do
2012-09-02 00:27:48 -04:00
let authtoken = webAppFormAuthToken
2012-09-08 23:32:08 -04:00
$(widgetFile "configurators/ssh/confirm")
2012-09-02 00:27:48 -04:00
2012-09-02 17:32:24 -04:00
getMakeSshGitR :: SshData -> Handler RepHtml
2012-10-09 14:24:17 -04:00
getMakeSshGitR = makeSsh False setupGroup
2012-09-02 17:32:24 -04:00
getMakeSshRsyncR :: SshData -> Handler RepHtml
2012-10-09 14:24:17 -04:00
getMakeSshRsyncR = makeSsh True setupGroup
2012-09-02 17:32:24 -04:00
2012-10-09 14:24:17 -04:00
makeSsh :: Bool -> (Remote -> Handler ()) -> SshData -> Handler RepHtml
makeSsh rsync setup sshdata
2012-09-02 20:43:32 -04:00
| needsPubKey sshdata = do
2012-09-13 00:57:52 -04:00
keypair <- liftIO genSshKeyPair
2012-09-10 14:42:46 -04:00
sshdata' <- liftIO $ setupSshKeyPair keypair sshdata
2012-10-09 14:24:17 -04:00
makeSsh' rsync setup sshdata' (Just keypair)
| otherwise = makeSsh' rsync setup sshdata Nothing
2012-09-02 20:43:32 -04:00
2012-10-09 14:24:17 -04:00
makeSsh' :: Bool -> (Remote -> Handler ()) -> SshData -> Maybe SshKeyPair -> Handler RepHtml
makeSsh' rsync setup sshdata keypair =
2012-09-04 15:27:06 -04:00
sshSetup [sshhost, remoteCommand] "" $
2012-10-09 14:24:17 -04:00
makeSshRepo rsync setup sshdata
2012-09-02 00:27:48 -04:00
2012-09-02 15:21:40 -04:00
sshhost = genSshHost (sshHostName sshdata) (sshUserName sshdata)
remotedir = T.unpack $ sshDirectory sshdata
remoteCommand = join "&&" $ catMaybes
[ Just $ "mkdir -p " ++ shellEscape remotedir
, Just $ "cd " ++ shellEscape remotedir
2012-09-13 00:57:52 -04:00
, if rsync then Nothing else Just "git init --bare --shared"
, if rsync then Nothing else Just "git annex init"
2012-09-10 17:53:51 -04:00
, if needsPubKey sshdata
2012-09-13 00:57:52 -04:00
then addAuthorizedKeysCommand (rsyncOnly sshdata) . sshPubKey <$> keypair
2012-09-10 17:53:51 -04:00
else Nothing
2012-09-02 00:27:48 -04:00
2012-09-04 15:27:06 -04:00
2012-10-09 14:24:17 -04:00
makeSshRepo :: Bool -> (Remote -> Handler ()) -> SshData -> Handler RepHtml
makeSshRepo forcersync setup sshdata = do
2012-09-10 21:55:59 -04:00
webapp <- getYesod
2012-10-09 14:24:17 -04:00
r <- liftIO $ makeSshRemote
2012-09-10 21:55:59 -04:00
(fromJust $ threadState webapp)
(daemonStatus webapp)
(scanRemotes webapp)
forcersync sshdata
2012-10-09 14:24:17 -04:00
setup r
2012-10-11 17:35:08 -04:00
redirect $ EditRepositoryR $ Remote.uuid r
2012-09-02 17:32:24 -04:00
2012-09-03 00:39:55 -04:00
getAddRsyncNetR :: Handler RepHtml
2012-09-04 15:27:06 -04:00
getAddRsyncNetR = do
((result, form), enctype) <- runFormGet $
2012-09-13 16:47:44 -04:00
renderBootstrap $ sshInputAForm $
SshInput Nothing Nothing Nothing
2012-09-04 15:27:06 -04:00
let showform status = bootstrap (Just Config) $ do
setTitle "Add a Rsync.net repository"
2012-09-03 00:39:55 -04:00
let authtoken = webAppFormAuthToken
$(widgetFile "configurators/addrsync.net")
case result of
2012-09-13 16:47:44 -04:00
FormSuccess sshinput
| isRsyncNet (hostname sshinput) ->
2012-10-09 14:24:17 -04:00
makeRsyncNet sshinput setupGroup
2012-09-13 16:47:44 -04:00
| otherwise ->
showform $ UnusableServer
"That is not a rsync.net host name."
2012-09-03 00:39:55 -04:00
_ -> showform UntestedServer
2012-09-13 16:47:44 -04:00
2012-10-09 14:24:17 -04:00
makeRsyncNet :: SshInput -> (Remote -> Handler ()) -> Handler RepHtml
makeRsyncNet sshinput setup = do
2012-09-13 16:47:44 -04:00
knownhost <- liftIO $ maybe (return False) knownHost (hostname sshinput)
keypair <- liftIO $ genSshKeyPair
sshdata <- liftIO $ setupSshKeyPair keypair $
(mkSshData sshinput)
{ sshRepoName = "rsync.net"
, needsPubKey = True
, rsyncOnly = True
{- I'd prefer to separate commands with && , but
- rsync.net's shell does not support that.
- The dd method of appending to the authorized_keys file is the
- one recommended by rsync.net documentation. I touch the file first
- to not need to use a different method to create it.
let remotecommand = join ";"
[ "mkdir -p .ssh"
, "touch .ssh/authorized_keys"
, "dd of=.ssh/authorized_keys oflag=append conv=notrunc"
, "mkdir -p " ++ T.unpack (sshDirectory sshdata)
let sshopts = filter (not . null)
[ if knownhost then "" else sshOpt "StrictHostKeyChecking" "no"
, genSshHost (sshHostName sshdata) (sshUserName sshdata)
, remotecommand
sshSetup sshopts (sshPubKey keypair) $
2012-10-09 14:24:17 -04:00
makeSshRepo True setup sshdata
2012-09-13 16:47:44 -04:00
isRsyncNet :: Maybe Text -> Bool
isRsyncNet Nothing = False
isRsyncNet (Just host) = ".rsync.net" `T.isSuffixOf` T.toLower host
2012-10-09 14:24:17 -04:00
setupGroup :: Remote -> Handler ()
2012-10-10 15:27:25 -04:00
setupGroup r = runAnnex () $ setStandardGroup (Remote.uuid r) TransferGroup