Graham Kelly 2023-06-08 16:24:04 -04:00
parent 9bc79f94e9
commit 1fc167ea58


@ -1,7 +1,9 @@
package proto package proto
import ( import (
"bytes"
"context" "context"
"io"
"os" "os"
"os/exec" "os/exec"
@ -10,12 +12,37 @@ import (
"github.com/libp2p/go-libp2p/core/peer" "github.com/libp2p/go-libp2p/core/peer"
protocol "github.com/libp2p/go-libp2p/core/protocol" protocol "github.com/libp2p/go-libp2p/core/protocol"
"github.com/portal-co/portald/provision" "github.com/portal-co/portald/provision"
"golang.org/x/crypto/bcrypt"
) )
func HasHash(pws [][]byte, x []byte) bool {
for _, pw := range pws {
if bcrypt.CompareHashAndPassword(x, pw) == nil {
return true
}
}
return false
}
func ReadHash(pw [][]byte, x io.Reader) error {
var b [1]byte
h := bytes.NewBuffer([]byte{})
for !HasHash(pw, h.Bytes()) {
_, err := x.Read(b[:])
if err != nil {
return err
}
h.Write(b[:])
}
return nil
}
var BashId = "/p2p/portal-co-bash/0.0.1" var BashId = "/p2p/portal-co-bash/0.0.1"
func AddBash(h host.Host) { func AddBash(h host.Host, pw [][]byte) {
h.SetStreamHandler(protocol.ID(BashId), func(s network.Stream) { h.SetStreamHandler(protocol.ID(BashId), func(s network.Stream) {
if ReadHash(pw, s) != nil {
return
}
o, _ := os.MkdirTemp("/tmp", "portal-*") o, _ := os.MkdirTemp("/tmp", "portal-*")
defer os.RemoveAll(o) defer os.RemoveAll(o)
e := exec.Command("bwrap", "--unshare-all", "--share-net", "--ro-bind", "/", "/", "--ro-bind", "/ipfs", "/ipfs", "--dev /dev", "--proc", "/proc", "--tmp", "/tmp", "--bind", o, o, "/bin/bash") e := exec.Command("bwrap", "--unshare-all", "--share-net", "--ro-bind", "/", "/", "--ro-bind", "/ipfs", "/ipfs", "--dev /dev", "--proc", "/proc", "--tmp", "/tmp", "--bind", o, o, "/bin/bash")
@ -28,11 +55,19 @@ func AddBash(h host.Host) {
func GetBash(ctx context.Context, host host.Host, peer peer.ID) (network.Stream, error) { func GetBash(ctx context.Context, host host.Host, peer peer.ID) (network.Stream, error) {
return host.NewStream(ctx, peer, protocol.ID(BashId)) return host.NewStream(ctx, peer, protocol.ID(BashId))
} }
func RunIn(ctx context.Context, host host.Host, peer peer.ID, x provision.ProcessInputs) (provision.ProcessOutputs, error) { func RunIn(ctx context.Context, host host.Host, peer peer.ID, x provision.ProcessInputs, pw []byte) (provision.ProcessOutputs, error) {
s, err := GetBash(ctx, host, peer) s, err := GetBash(ctx, host, peer)
if err != nil { if err != nil {
return provision.ProcessOutputs{}, err return provision.ProcessOutputs{}, err
} }
defer s.Close() defer s.Close()
b, err := bcrypt.GenerateFromPassword(pw, bcrypt.DefaultCost)
if err != nil {
return provision.ProcessOutputs{}, err
}
_, err = s.Write(b)
if err != nil {
return provision.ProcessOutputs{}, err
}
return provision.Run(s, x) return provision.Run(s, x)
} }
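Review bot: ReadHash, which gates the bash stream handler in AddBash, reads one byte at a time with no length limit and calls HasHash after every byte, so an unauthenticated peer decides how large the buffer grows and, since bcrypt takes the cost from the supplied hash, how much CPU each comparison burns. Read a fixed-length hash with io.ReadFull, reject a cost above bcrypt.DefaultCost, and compare once, as in the sketch below; a read deadline set in the handler before the call would also bound a stalled peer. Separately, RunIn sends a salted hash of the shared password with no server-issued challenge, so a captured value remains valid for replay and the server has to keep the passwords in plaintext; a challenge-response or an allow-list of peer IDs would be sturdier. The handler body in AddBash continues outside the hunk, so whether the stream is closed on the early return cannot be seen here.

```go
// bcryptHashLen is the length of a hash produced by bcrypt.GenerateFromPassword.
const bcryptHashLen = 60

func ReadHash(pw [][]byte, x io.Reader) error {
	var h [bcryptHashLen]byte
	// Exactly one bounded read: no growth, no per-byte comparison.
	if _, err := io.ReadFull(x, h[:]); err != nil {
		return err
	}
	// The cost is encoded in the peer-supplied hash; cap it before doing the work.
	if c, err := bcrypt.Cost(h[:]); err != nil || c > bcrypt.DefaultCost {
		return bcrypt.ErrMismatchedHashAndPassword
	}
	if !HasHash(pw, h[:]) {
		return bcrypt.ErrMismatchedHashAndPassword
	}
	return nil
}
```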