git.delta.rocks / remowt / refs/commits / 11447649e1e7

difftreelog

feat remowt user identity

nulpnyxpYaroslav Bolyukin3 days agoparent: #075f103.patch.diff
in: trunk

5 files changed

modifiedCargo.lockdiffbeforeafterboth
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -308,9 +308,9 @@
 
 [[package]]
 name = "bifrostlink"
-version = "0.2.6"
+version = "0.2.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2fb01af731c11dd31b23783a83a36a29f644cc1972481f6fa4f4fabc709079eb"
+checksum = "0c8ce9dc1425ee2aaffd3324548f114acccd456b9b1ffb33fe9eb9a7be6475a8"
 dependencies = [
  "async-trait",
  "async_fn_traits",
@@ -322,14 +322,13 @@
  "serde_json",
  "tokio",
  "tracing",
- "uuid",
 ]
 
 [[package]]
 name = "bifrostlink-macros"
-version = "0.2.6"
+version = "0.2.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8c4b7a5fb38b36bd81910c17ebf369f9296e508d92b1277a768a63c8a2254fdb"
+checksum = "a7d071add2d3b90486fe141edb2e811f7735155d320aee3936ebd67e535d6ac1"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -338,9 +337,9 @@
 
 [[package]]
 name = "bifrostlink-ports"
-version = "0.2.6"
+version = "0.2.7"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "977acfcb8ed3c24ab7c2f76fb3eeebff1533c72708733ce6020f2501980b7cf2"
+checksum = "ccf6ba32d0ff83b27a242f9d2fca124ad215ddd9bf99144d66b7ca44a885de50"
 dependencies = [
  "bifrostlink",
  "bytes",
@@ -1777,7 +1776,7 @@
 
 [[package]]
 name = "polkit-backend"
-version = "0.1.7"
+version = "0.1.8"
 dependencies = [
  "anyhow",
  "clap",
@@ -1951,7 +1950,7 @@
 
 [[package]]
 name = "remowt-agent"
-version = "0.1.7"
+version = "0.1.8"
 dependencies = [
  "anyhow",
  "bifrostlink",
@@ -1976,7 +1975,7 @@
 
 [[package]]
 name = "remowt-client"
-version = "0.1.7"
+version = "0.1.8"
 dependencies = [
  "anyhow",
  "bifrostlink",
@@ -1998,7 +1997,7 @@
 
 [[package]]
 name = "remowt-endpoints"
-version = "0.1.7"
+version = "0.1.8"
 dependencies = [
  "bifrostlink",
  "camino",
@@ -2013,7 +2012,7 @@
 
 [[package]]
 name = "remowt-link-shared"
-version = "0.1.7"
+version = "0.1.8"
 dependencies = [
  "bifrostlink",
  "bytes",
@@ -2027,7 +2026,7 @@
 
 [[package]]
 name = "remowt-plugin"
-version = "0.1.7"
+version = "0.1.8"
 dependencies = [
  "anyhow",
  "bifrostlink",
@@ -2040,7 +2039,7 @@
 
 [[package]]
 name = "remowt-polkit-shared"
-version = "0.1.7"
+version = "0.1.8"
 dependencies = [
  "nix",
  "serde",
@@ -2049,7 +2048,7 @@
 
 [[package]]
 name = "remowt-ssh"
-version = "0.1.7"
+version = "0.1.8"
 dependencies = [
  "anyhow",
  "clap",
@@ -2064,7 +2063,7 @@
 
 [[package]]
 name = "remowt-ui-prompt"
-version = "0.1.7"
+version = "0.1.8"
 dependencies = [
  "anyhow",
  "bifrostlink",
modifiedCargo.tomldiffbeforeafterboth
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,18 +3,18 @@
 resolver = "2"
 
 [workspace.package]
-version = "0.1.7"
+version = "0.1.8"
 license = "MIT"
 edition = "2021"
 repository = "https://git.delta.rocks/r/remowt"
 
 [workspace.dependencies]
-remowt-client = { version = "0.1.7", path = "crates/remowt-client" }
-remowt-polkit-shared = { version = "0.1.7", path = "crates/polkit-shared" }
-remowt-link-shared = { version = "0.1.7", path = "crates/remowt-link-shared" }
-remowt-plugin = { version = "0.1.7", path = "crates/remowt-plugin" }
-remowt-ui-prompt = { version = "0.1.7", path = "crates/remowt-ui-prompt" }
-remowt-endpoints = { version = "0.1.7", path = "crates/remowt-endpoints" }
+remowt-client = { version = "0.1.8", path = "crates/remowt-client" }
+remowt-polkit-shared = { version = "0.1.8", path = "crates/polkit-shared" }
+remowt-link-shared = { version = "0.1.8", path = "crates/remowt-link-shared" }
+remowt-plugin = { version = "0.1.8", path = "crates/remowt-plugin" }
+remowt-ui-prompt = { version = "0.1.8", path = "crates/remowt-ui-prompt" }
+remowt-endpoints = { version = "0.1.8", path = "crates/remowt-endpoints" }
 
 bifrostlink = "0.2.0"
 bifrostlink-macros = "0.2.0"
modifiedcmds/remowt-ssh/src/main.rsdiffbeforeafterboth
before · cmds/remowt-ssh/src/main.rs
1use std::borrow::Cow;2use std::env::VarError;3use std::io;4use std::os::fd::{AsRawFd, RawFd};5use std::path::PathBuf;6use std::pin::Pin;7use std::task::{Context, Poll};89use anyhow::anyhow;10use clap::Parser;11use nix::libc;12use nix::sys::termios::{self, SetArg, Termios};13use remowt_client::editor::SshEditor;14use remowt_client::{AgentBundle, Remowt};15use remowt_link_shared::editor::serve_editor;16use remowt_ui_prompt::auto::AutoPrompter;17use remowt_ui_prompt::bifrost::serve_prompts;18use remowt_ui_prompt::{PrependSourcePrompter, Source};19use tokio::io::unix::AsyncFd;20use tokio::io::{AsyncRead, ReadBuf};21use tokio::signal::unix::{signal, SignalKind};22use tracing::debug;2324#[derive(Parser)]25enum Opts {26	/// Connect to remote host with remowt agent.27	Ssh {28		host: String,29		#[arg(long)]30		escalate: bool,31	},32	/// Connect to local host for testing the connectivity.33	Local {34		#[arg(long)]35		escalate: bool,36	},37}3839fn agents_dir() -> anyhow::Result<PathBuf> {40	std::env::var_os("REMOWT_AGENTS_DIR")41		.map(PathBuf::from)42		.or_else(|| option_env!("REMOWT_AGENTS_DIR").map(PathBuf::from))43		.ok_or_else(|| anyhow!("no remowt-agents bundle"))44}4546#[tokio::main(flavor = "current_thread")]47async fn main() -> anyhow::Result<()> {48	tracing_subscriber::fmt()49		.with_writer(std::io::stderr)50		.without_time()51		.init();52	let opts = Opts::parse();5354	let bundle = AgentBundle::from_dir(agents_dir()?)?;55	let (conn, escalate) = match &opts {56		Opts::Ssh { host, escalate } => (Remowt::connect(host, &bundle).await?, *escalate),57		Opts::Local { escalate } => (Remowt::connect_local(&bundle).await?, *escalate),58	};59	let mut rpc = conn.rpc();6061	serve_prompts(62		&mut rpc,63		PrependSourcePrompter {64			prompter: AutoPrompter::new().await,65			source: match opts {66				Opts::Ssh { host, .. } => vec![Source(Cow::Owned(format!("ssh host: {}", host)))],67				Opts::Local { .. } => vec![],68			},69			description: "".to_owned(),70		},71	);72	if let Some(sess) = conn.ssh() {73		serve_editor(&mut rpc, SshEditor { sess });74	}7576	debug!("entering shell");77	run_shell(&conn, escalate).await?;78	debug!("shell ended");7980	Ok(())81}8283async fn run_shell(conn: &Remowt, escalate: bool) -> anyhow::Result<()> {84	let term = match std::env::var("TERM") {85		Ok(v) => v,86		Err(VarError::NotPresent) => "xterm-256color".to_owned(),87		Err(e) => return Err(e.into()),88	};89	let (cols, rows) = term_size().unwrap_or((80, 24));9091	let shell = conn.open_shell(&term, cols, rows, escalate).await?;92	let resizer = shell.resizer();93	let stream = shell.stream;9495	let _raw = RawMode::enable();9697	if let Ok(mut winch) = signal(SignalKind::window_change()) {98		tokio::spawn(async move {99			while winch.recv().await.is_some() {100				if let Some((cols, rows)) = term_size() {101					let _ = resizer.resize(cols, rows).await;102				}103			}104		});105	}106107	let (mut from_remote, mut to_remote) = tokio::io::split(stream);108	let mut stdin = AsyncStdin::new()?;109	let mut stdout = tokio::io::stdout();110111	tokio::select! {112		r = tokio::io::copy(&mut from_remote, &mut stdout) => { r?; }113		_ = tokio::io::copy(&mut stdin, &mut to_remote) => {}114	}115116	Ok(())117}118119struct AsyncStdin {120	fd: AsyncFd<RawFd>,121	original_flags: i32,122}123124impl AsyncStdin {125	fn new() -> io::Result<Self> {126		let raw = libc::STDIN_FILENO;127		// SAFETY: F_GETFL/F_SETFL round-trip on a valid fd.128		let original_flags = unsafe { libc::fcntl(raw, libc::F_GETFL) };129		if original_flags < 0 {130			return Err(io::Error::last_os_error());131		}132		if unsafe { libc::fcntl(raw, libc::F_SETFL, original_flags | libc::O_NONBLOCK) } < 0 {133			return Err(io::Error::last_os_error());134		}135		Ok(Self {136			fd: AsyncFd::new(raw)?,137			original_flags,138		})139	}140}141142impl Drop for AsyncStdin {143	fn drop(&mut self) {144		// SAFETY: restoring the flags we saved on a valid fd.145		unsafe { libc::fcntl(libc::STDIN_FILENO, libc::F_SETFL, self.original_flags) };146	}147}148149impl AsyncRead for AsyncStdin {150	fn poll_read(151		self: Pin<&mut Self>,152		cx: &mut Context<'_>,153		buf: &mut ReadBuf<'_>,154	) -> Poll<io::Result<()>> {155		let this = self.get_mut();156		loop {157			let mut guard = match this.fd.poll_read_ready(cx) {158				Poll::Ready(Ok(g)) => g,159				Poll::Ready(Err(e)) => return Poll::Ready(Err(e)),160				Poll::Pending => return Poll::Pending,161			};162			let unfilled = buf.initialize_unfilled();163			let res = guard.try_io(|inner| {164				let fd = *inner.get_ref();165				// SAFETY: writing into `unfilled`'s own backing storage.166				let n = unsafe { libc::read(fd, unfilled.as_mut_ptr().cast(), unfilled.len()) };167				if n < 0 {168					Err(io::Error::last_os_error())169				} else {170					Ok(n as usize)171				}172			});173			match res {174				Ok(Ok(n)) => {175					buf.advance(n);176					return Poll::Ready(Ok(()));177				}178				Ok(Err(e)) => return Poll::Ready(Err(e)),179				Err(_would_block) => continue,180			}181		}182	}183}184185fn term_size() -> Option<(u16, u16)> {186	let mut ws: libc::winsize = unsafe { std::mem::zeroed() };187	let rc = unsafe { libc::ioctl(libc::STDIN_FILENO, libc::TIOCGWINSZ, &mut ws) };188	if rc != 0 || ws.ws_col == 0 {189		None190	} else {191		Some((ws.ws_col, ws.ws_row))192	}193}194195struct RawMode {196	original: Termios,197}198199impl RawMode {200	fn enable() -> Option<Self> {201		let stdin = std::io::stdin();202		// SAFETY: trivial libc call on a borrowed fd.203		if unsafe { libc::isatty(stdin.as_raw_fd()) } != 1 {204			return None;205		}206		let original = termios::tcgetattr(&stdin).ok()?;207		let mut raw = original.clone();208		termios::cfmakeraw(&mut raw);209		termios::tcsetattr(&stdin, SetArg::TCSANOW, &raw).ok()?;210		Some(Self { original })211	}212}213214impl Drop for RawMode {215	fn drop(&mut self) {216		let _ = termios::tcsetattr(std::io::stdin(), SetArg::TCSANOW, &self.original);217	}218}
after · cmds/remowt-ssh/src/main.rs
1use std::borrow::Cow;2use std::env::VarError;3use std::io;4use std::os::fd::{AsRawFd, RawFd};5use std::path::PathBuf;6use std::pin::Pin;7use std::task::{Context, Poll};89use anyhow::anyhow;10use clap::Parser;11use nix::libc;12use nix::sys::termios::{self, SetArg, Termios};13use remowt_client::editor::SshEditor;14use remowt_client::{AgentBundle, Remowt};15use remowt_link_shared::editor::serve_editor;16use remowt_ui_prompt::auto::AutoPrompter;17use remowt_ui_prompt::bifrost::serve_prompts;18use remowt_ui_prompt::{PrependSourcePrompter, Source};19use tokio::io::unix::AsyncFd;20use tokio::io::{AsyncRead, ReadBuf};21use tokio::signal::unix::{signal, SignalKind};22use tracing::debug;2324#[derive(Parser)]25enum Opts {26	/// Connect to remote host with remowt agent.27	Ssh {28		host: String,29		#[arg(long)]30		escalate: bool,31	},32	/// Connect to local host for testing the connectivity.33	Local {34		#[arg(long)]35		escalate: bool,36	},37}3839fn agents_dir() -> anyhow::Result<PathBuf> {40	std::env::var_os("REMOWT_AGENTS_DIR")41		.map(PathBuf::from)42		.or_else(|| option_env!("REMOWT_AGENTS_DIR").map(PathBuf::from))43		.ok_or_else(|| anyhow!("no remowt-agents bundle"))44}4546#[tokio::main(flavor = "current_thread")]47async fn main() -> anyhow::Result<()> {48	tracing_subscriber::fmt()49		.with_writer(std::io::stderr)50		.without_time()51		.init();52	let opts = Opts::parse();5354	let bundle = AgentBundle::from_dir(agents_dir()?)?;55	let (conn, escalate) = match &opts {56		Opts::Ssh { host, escalate } => (57			Remowt::connect(host, &bundle, "remowt-ssh".to_owned()).await?,58			*escalate,59		),60		Opts::Local { escalate } => (61			Remowt::connect_local(&bundle, "remowt-ssh".to_owned()).await?,62			*escalate,63		),64	};65	let mut rpc = conn.rpc();6667	serve_prompts(68		&mut rpc,69		PrependSourcePrompter {70			prompter: AutoPrompter::new().await,71			source: match opts {72				Opts::Ssh { host, .. } => vec![Source(Cow::Owned(format!("ssh host: {}", host)))],73				Opts::Local { .. } => vec![],74			},75			description: "".to_owned(),76		},77	);78	if let Some(sess) = conn.ssh() {79		serve_editor(&mut rpc, SshEditor { sess });80	}8182	debug!("entering shell");83	run_shell(&conn, escalate).await?;84	debug!("shell ended");8586	Ok(())87}8889async fn run_shell(conn: &Remowt, escalate: bool) -> anyhow::Result<()> {90	let term = match std::env::var("TERM") {91		Ok(v) => v,92		Err(VarError::NotPresent) => "xterm-256color".to_owned(),93		Err(e) => return Err(e.into()),94	};95	let (cols, rows) = term_size().unwrap_or((80, 24));9697	let shell = conn.open_shell(&term, cols, rows, escalate).await?;98	let resizer = shell.resizer();99	let stream = shell.stream;100101	let _raw = RawMode::enable();102103	if let Ok(mut winch) = signal(SignalKind::window_change()) {104		tokio::spawn(async move {105			while winch.recv().await.is_some() {106				if let Some((cols, rows)) = term_size() {107					let _ = resizer.resize(cols, rows).await;108				}109			}110		});111	}112113	let (mut from_remote, mut to_remote) = tokio::io::split(stream);114	let mut stdin = AsyncStdin::new()?;115	let mut stdout = tokio::io::stdout();116117	tokio::select! {118		r = tokio::io::copy(&mut from_remote, &mut stdout) => { r?; }119		_ = tokio::io::copy(&mut stdin, &mut to_remote) => {}120	}121122	Ok(())123}124125struct AsyncStdin {126	fd: AsyncFd<RawFd>,127	original_flags: i32,128}129130impl AsyncStdin {131	fn new() -> io::Result<Self> {132		let raw = libc::STDIN_FILENO;133		// SAFETY: F_GETFL/F_SETFL round-trip on a valid fd.134		let original_flags = unsafe { libc::fcntl(raw, libc::F_GETFL) };135		if original_flags < 0 {136			return Err(io::Error::last_os_error());137		}138		if unsafe { libc::fcntl(raw, libc::F_SETFL, original_flags | libc::O_NONBLOCK) } < 0 {139			return Err(io::Error::last_os_error());140		}141		Ok(Self {142			fd: AsyncFd::new(raw)?,143			original_flags,144		})145	}146}147148impl Drop for AsyncStdin {149	fn drop(&mut self) {150		// SAFETY: restoring the flags we saved on a valid fd.151		unsafe { libc::fcntl(libc::STDIN_FILENO, libc::F_SETFL, self.original_flags) };152	}153}154155impl AsyncRead for AsyncStdin {156	fn poll_read(157		self: Pin<&mut Self>,158		cx: &mut Context<'_>,159		buf: &mut ReadBuf<'_>,160	) -> Poll<io::Result<()>> {161		let this = self.get_mut();162		loop {163			let mut guard = match this.fd.poll_read_ready(cx) {164				Poll::Ready(Ok(g)) => g,165				Poll::Ready(Err(e)) => return Poll::Ready(Err(e)),166				Poll::Pending => return Poll::Pending,167			};168			let unfilled = buf.initialize_unfilled();169			let res = guard.try_io(|inner| {170				let fd = *inner.get_ref();171				// SAFETY: writing into `unfilled`'s own backing storage.172				let n = unsafe { libc::read(fd, unfilled.as_mut_ptr().cast(), unfilled.len()) };173				if n < 0 {174					Err(io::Error::last_os_error())175				} else {176					Ok(n as usize)177				}178			});179			match res {180				Ok(Ok(n)) => {181					buf.advance(n);182					return Poll::Ready(Ok(()));183				}184				Ok(Err(e)) => return Poll::Ready(Err(e)),185				Err(_would_block) => continue,186			}187		}188	}189}190191fn term_size() -> Option<(u16, u16)> {192	let mut ws: libc::winsize = unsafe { std::mem::zeroed() };193	let rc = unsafe { libc::ioctl(libc::STDIN_FILENO, libc::TIOCGWINSZ, &mut ws) };194	if rc != 0 || ws.ws_col == 0 {195		None196	} else {197		Some((ws.ws_col, ws.ws_row))198	}199}200201struct RawMode {202	original: Termios,203}204205impl RawMode {206	fn enable() -> Option<Self> {207		let stdin = std::io::stdin();208		// SAFETY: trivial libc call on a borrowed fd.209		if unsafe { libc::isatty(stdin.as_raw_fd()) } != 1 {210			return None;211		}212		let original = termios::tcgetattr(&stdin).ok()?;213		let mut raw = original.clone();214		termios::cfmakeraw(&mut raw);215		termios::tcsetattr(&stdin, SetArg::TCSANOW, &raw).ok()?;216		Some(Self { original })217	}218}219220impl Drop for RawMode {221	fn drop(&mut self) {222		let _ = termios::tcsetattr(std::io::stdin(), SetArg::TCSANOW, &self.original);223	}224}
modifiedcrates/remowt-client/src/lib.rsdiffbeforeafterboth
--- a/crates/remowt-client/src/lib.rs
+++ b/crates/remowt-client/src/lib.rs
@@ -249,6 +249,7 @@
 	#[allow(dead_code)]
 	children: Mutex<Vec<tokio::process::Child>>,
 	_runtime_tmp: Option<TempDir>,
+	user: String,
 }
 
 #[derive(Clone)]
@@ -259,7 +260,7 @@
 impl Remowt {
 	/// Connect to the remote host over ssh, detect the architecture and deploy the required
 	/// agent binary.
-	pub async fn connect(host: &str, bundle: &AgentBundle) -> Result<Self> {
+	pub async fn connect(host: &str, bundle: &AgentBundle, remowt_user: String) -> Result<Self> {
 		let conf = russh_config::parse_home(host)?;
 		let port = conf.host_config.port.or(conf.port).unwrap_or(22);
 		let hostname = conf
@@ -337,11 +338,12 @@
 			elevated: tokio::sync::OnceCell::new(),
 			children: Mutex::new(Vec::new()),
 			_runtime_tmp: None,
+			user: remowt_user,
 		})))
 	}
 
 	/// "Connect" to the local machine's agent, by starting the agent binary locally.
-	pub async fn connect_local(bundle: &AgentBundle) -> Result<Self> {
+	pub async fn connect_local(bundle: &AgentBundle, user: String) -> Result<Self> {
 		let agent_path = bundle.local_binary()?;
 		let mut child = tokio::process::Command::new(&agent_path)
 			.arg("real-agent")
@@ -368,6 +370,7 @@
 			elevated: tokio::sync::OnceCell::new(),
 			children: Mutex::new(vec![child]),
 			_runtime_tmp: runtime_tmp,
+			user,
 		})))
 	}
 
@@ -431,6 +434,14 @@
 				args.push("-w".to_owned());
 				args.push(tool.to_owned());
 				args.extend(flags.iter().copied().map(str::to_owned));
+				if tool == "run0" {
+					args.push(format!(
+						"--unit={}-{}-{}.scope",
+						self.0.user,
+						std::process::id(),
+						Uuid::new_v4()
+					));
+				}
 				args.push(agent_path);
 				args.push("real-agent".to_owned());
 				args.push("--privileged".to_owned());
modifiedcrates/remowt-endpoints/Cargo.tomldiffbeforeafterboth
--- a/crates/remowt-endpoints/Cargo.toml
+++ b/crates/remowt-endpoints/Cargo.toml
@@ -11,7 +11,13 @@
 serde = { workspace = true }
 tempfile.workspace = true
 thiserror.workspace = true
-tokio = { workspace = true, features = ["net", "io-util", "rt", "process"] }
+tokio = { workspace = true, features = [
+	"net",
+	"io-util",
+	"rt",
+	"process",
+	"io-std",
+] }
 tracing.workspace = true
 nix = { workspace = true, features = ["process", "signal", "term"] }
 zbus.workspace = true